Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    22/12/2024, 22:01 UTC

General

  • Target

    ece12fa8dd038b6fa6750790ea0bbc1a21d38bbbc0e6c6f02c872fa94cd5fb09.apk

  • Size

    1.2MB

  • MD5

    ebccd261a807f8ef28e687a8f17a334a

  • SHA1

    727ab2e896852072440972898bd5c7980c62f322

  • SHA256

    ece12fa8dd038b6fa6750790ea0bbc1a21d38bbbc0e6c6f02c872fa94cd5fb09

  • SHA512

    e0e37a13466b12180b5f67d118f2e82b6fa78a1126528b06d6c6bb5ef27b3e12f2e3dbfec45177fb1c9234d1a3c99d6f790772d5f2f46b5f75febd98ba4d0aa1

  • SSDEEP

    24576:P7g8TyUcm4t64TudslPkhuS5SD1rCP9BnVEv9Q5vOSERCy+JvsBiUU:P7g8uU3slPkhuH1Irg9qvOSEsy+JkBiX

Malware Config

Extracted

Family

hook

C2

http://154.216.20.225:3434

AES_key

4a6733386a5a347a514a75414f576e6c46655578577556546f317a3464544a50

Signatures

  • Hook

    Hook is Android malware based on Ermac, with RAT capabilities.

  • Hook family
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.tencent.mm
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4725

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.178.14
  • flag-us
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    172.217.169.46
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    142.250.179.238
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.204.72
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    POST
    http://154.216.20.225:3434/php/n.php/
    Remote address:
    154.216.20.225:3434
    Request
    POST /php/n.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 758
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Sun, 22 Dec 2024 22:02:07 GMT
    Content-Length: 0
  • flag-us
    POST
    http://154.216.20.225:3434/php/8p2q9yyrb.php/
    Remote address:
    154.216.20.225:3434
    Request
    POST /php/8p2q9yyrb.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 390
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Sun, 22 Dec 2024 22:02:07 GMT
    Content-Length: 0
  • flag-us
    POST
    http://154.216.20.225:3434/php/0yggne4to8f.php/
    Remote address:
    154.216.20.225:3434
    Request
    POST /php/0yggne4to8f.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 240
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
  • flag-us
    POST
    http://154.216.20.225:3434/php/0yggne4to8f.php/
    Remote address:
    154.216.20.225:3434
    Request
    POST /php/0yggne4to8f.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 240
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    POST
    http://154.216.20.225:3434/php/zszv1zvgodh0xo.php/
    Remote address:
    154.216.20.225:3434
    Request
    POST /php/zszv1zvgodh0xo.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Sun, 22 Dec 2024 22:02:09 GMT
    Content-Length: 0
  • flag-us
    POST
    http://154.216.20.225:3434/php/b7v52hgluqix4k8ib.php/
    Remote address:
    154.216.20.225:3434
    Request
    POST /php/b7v52hgluqix4k8ib.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 175
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
  • flag-us
    POST
    http://154.216.20.225:3434/php/b7v52hgluqix4k8ib.php/
    Remote address:
    154.216.20.225:3434
    Request
    POST /php/b7v52hgluqix4k8ib.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 175
    Content-Type: application/x-www-form-urlencoded
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • flag-us
    GET
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    154.216.20.225:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 154.216.20.225:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
  • 142.250.187.238:443
    tls, https
    1.4kB
    40 B
    1
    1
  • 142.250.178.14:443
    android.apis.google.com
    tls
    3.5kB
    7.0kB
    17
    15
  • 142.250.178.14:443
    android.apis.google.com
    tls
    2.6kB
    6.1kB
    11
    12
  • 142.250.187.206:443
    www.youtube.com
    tls
    2.1kB
    8.3kB
    18
    15
  • 216.239.38.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 216.58.204.72:443
    ssl.google-analytics.com
    tls
    1.3kB
    6.3kB
    8
    9
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/php/0yggne4to8f.php/
    http
    2.7kB
    574 B
    8
    8

    HTTP Request

    POST http://154.216.20.225:3434/php/n.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.225:3434/php/8p2q9yyrb.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.225:3434/php/0yggne4to8f.php/
  • 154.216.20.225:3434
    http://154.216.20.225:3434/php/0yggne4to8f.php/
    http
    815 B
    216 B
    5
    4

    HTTP Request

    POST http://154.216.20.225:3434/php/0yggne4to8f.php/
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/php/b7v52hgluqix4k8ib.php/
    http
    1.9kB
    395 B
    6
    6

    HTTP Request

    POST http://154.216.20.225:3434/php/zszv1zvgodh0xo.php/

    HTTP Response

    200

    HTTP Request

    POST http://154.216.20.225:3434/php/b7v52hgluqix4k8ib.php/
  • 154.216.20.225:3434
    http://154.216.20.225:3434/php/b7v52hgluqix4k8ib.php/
    http
    704 B
    216 B
    4
    4

    HTTP Request

    POST http://154.216.20.225:3434/php/b7v52hgluqix4k8ib.php/
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    433 B
    216 B
    5
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    598 B
    216 B
    5
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    433 B
    216 B
    5
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    433 B
    216 B
    5
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    433 B
    216 B
    5
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 142.250.187.238:443
    www.youtube.com
    tls
    135 B
    40 B
    2
    1
  • 216.58.212.193:443
    tls
    135 B
    40 B
    2
    1
  • 142.250.187.225:443
    tls
    519 B
    7
  • 216.239.38.223:443
    tls, https
    484 B
    7
  • 154.216.20.225:3434
    http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
    http
    381 B
    216 B
    4
    4

    HTTP Request

    GET http://154.216.20.225:3434/socket.io/?EIO=3&transport=polling
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.178.14

  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
    319 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response

    142.250.187.206
    216.58.213.14
    172.217.169.14
    142.250.178.14
    142.250.187.238
    142.250.200.14
    216.58.201.110
    216.58.204.78
    172.217.16.238
    142.250.200.46
    216.58.212.238
    172.217.169.46
    142.250.180.14
    142.250.179.238

  • 142.250.187.206:443
    www.youtube.com
    https
    1.4kB
    54 B
    1
    1
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.204.72

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    1eb0872d3cf7bcbf644af090af9065fa

    SHA1

    c7c08a8c4d4d7798435fe34b236e341431e8d4a9

    SHA256

    8864cb72f3a3183ec124bfe925db2b163fcdeab684e202105da76944dc117ac5

    SHA512

    8324737f71f32cb6b1977806c8bd8c07c6b32c89706a8c7c0bf236d0ab02b545e29df9bdc2d7cedec528e74df3665104865c715ffa2f8a35e55e30b137c15eae

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    23d3c996a74eb338653e493584bd2035

    SHA1

    ed6ff01515913ab281df2a888e61db5920ab8b0e

    SHA256

    278f8a8cbda0f6da143696cba8fa5a3bf7294326ad077cb09efcc463e4b49efc

    SHA512

    30f16f4f52646066b16fb21995119b126fc541465a8019310538e033e95afbbdfac62950c4cfa2467e5c1d70b47144f63d9b84faeee51b32bec6bddd11d1a7a4

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    806e21d23e389f3601424fee3cf00bb4

    SHA1

    30f20e203f0f6f41aaefc519c001f41f86494b63

    SHA256

    ec69e1e5e9f92c6b9ba456ae58e1c5d19cba96fdff142597054bfad8ef866a7c

    SHA512

    8e8f971266144dce8a078c32bba1a11c5c556bb4bf4fab74142694e4d152e20c700e4f73f6a282dd3d3db38f8a0edca58f3d0da27865eb66c6bb234ba17696d8

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    3c943eb0d07952c190adc9c0b9dfbb1b

    SHA1

    3110d3689212cdc6bf6677077c1a640e95bf9bbf

    SHA256

    3995a7e0da0c19c394f5b4ee2df775441f7b6023d4ac29bac95a5f2492434bbc

    SHA512

    c3bab96bfea04d010c546bed3feba4cd3f98ba03598d6948d4cceebcc72ef3fcb8cda299537eeb10891569cd90b3c2ef6bcb5bfd8b6231382408d3e020f88763
