Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

efec75b7c2...0c.apk

android-9-x86

10

efec75b7c2...0c.apk

android-13-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    157s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    07/01/2025, 22:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efec75b7c27c6461db4ed6acb7a51d49780567b5136e8dd34e157d4ccbf97d0c.apk

  • Size

    2.6MB

  • MD5

    0642d3a5f50bde7207971a92f41ab496

  • SHA1

    40dab7f9de25082b1e7d98be7996b7ae9b6bea98

  • SHA256

    efec75b7c27c6461db4ed6acb7a51d49780567b5136e8dd34e157d4ccbf97d0c

  • SHA512

    54d5457e6b5e97993e4bd03507f8e8e716f66b3d84a0c19c11e44d615ce68267acc455f5d170eec10af249772a68671703127979b1565ac468a565eb344cc167

  • SSDEEP

    49152:tlrYyjKeY9CcmpT5u4Fs/YJIrCJhjv0IrcJEHgKs6MzlBno9cPDMg1rf5GRW7TVb:3r7OkcmptFryroVvbgHHoi7M0iW7RW/y

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://yesmincanruslane.xyz/YjVmNGU0NmNhODlm/

https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

https://sevgikadervedostlukhikayesi.xyz/YjVmNGU0NmNhODlm/

https://kaderseverleryolculuknotlari.xyz/YjVmNGU0NmNhODlm/

https://kadersohbetleriilepaylasim.xyz/YjVmNGU0NmNhODlm/

https://kaderinyansimalarindankareler.xyz/YjVmNGU0NmNhODlm/

https://kaderduygularivebaglantilar.xyz/YjVmNGU0NmNhODlm/

https://kadersevgininkalptenhikayesi.xyz/YjVmNGU0NmNhODlm/

https://kaderdostlukvegizemlianilar.xyz/YjVmNGU0NmNhODlm/

https://kadersozlerlehikayeveriyor.xyz/YjVmNGU0NmNhODlm/

https://kaderlerarasisamimiuyum.xyz/YjVmNGU0NmNhODlm/

https://kaderduygusalbagvetutkular.xyz/YjVmNGU0NmNhODlm/

https://kaderseverlerinrenklidunyasi.xyz/YjVmNGU0NmNhODlm/

https://kadersanatisozlerdeninsanlara.xyz/YjVmNGU0NmNhODlm/

https://kadersevgiyletasanumut.xyz/YjVmNGU0NmNhODlm/

https://kaderseverlerpaylasimbahcesi.xyz/YjVmNGU0NmNhODlm/

https://kaderdostlarivehayatbaglari.xyz/YjVmNGU0NmNhODlm/

https://kadersanatinrenkligolgeleri.xyz/YjVmNGU0NmNhODlm/

https://kaderinhayatdolasimbirligi.xyz/YjVmNGU0NmNhODlm/

https://kaderinsadekalptenyansimalari.xyz/YjVmNGU0NmNhODlm/
rc4.plain
1
ntIkBrPN9abLOCltkM

Extracted

Family

octo

C2

https://yesmincanruslane.xyz/YjVmNGU0NmNhODlm/

https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

https://sevgikadervedostlukhikayesi.xyz/YjVmNGU0NmNhODlm/

https://kaderseverleryolculuknotlari.xyz/YjVmNGU0NmNhODlm/

https://kadersohbetleriilepaylasim.xyz/YjVmNGU0NmNhODlm/

https://kaderinyansimalarindankareler.xyz/YjVmNGU0NmNhODlm/

https://kaderduygularivebaglantilar.xyz/YjVmNGU0NmNhODlm/

https://kadersevgininkalptenhikayesi.xyz/YjVmNGU0NmNhODlm/

https://kaderdostlukvegizemlianilar.xyz/YjVmNGU0NmNhODlm/

https://kadersozlerlehikayeveriyor.xyz/YjVmNGU0NmNhODlm/

https://kaderlerarasisamimiuyum.xyz/YjVmNGU0NmNhODlm/

https://kaderduygusalbagvetutkular.xyz/YjVmNGU0NmNhODlm/

https://kaderseverlerinrenklidunyasi.xyz/YjVmNGU0NmNhODlm/

https://kadersanatisozlerdeninsanlara.xyz/YjVmNGU0NmNhODlm/

https://kadersevgiyletasanumut.xyz/YjVmNGU0NmNhODlm/

https://kaderseverlerpaylasimbahcesi.xyz/YjVmNGU0NmNhODlm/

https://kaderdostlarivehayatbaglari.xyz/YjVmNGU0NmNhODlm/

https://kadersanatinrenkligolgeleri.xyz/YjVmNGU0NmNhODlm/

https://kaderinhayatdolasimbirligi.xyz/YjVmNGU0NmNhODlm/

https://kaderinsadekalptenyansimalari.xyz/YjVmNGU0NmNhODlm/
Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key
1
3534353639643261616165373137363333356136376266373265383637333666

Signatures

  • Octo

    Octo is a banking malware with remote access capabilities first seen in April 2022.

    bankertrojaninfostealerratocto
  • Octo family
    octo
  • Octo payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests modifying system settings. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.reopen.forget
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4502

Network

  • flag-us
    DNS
    kadersevgiyletasanumut.xyz
    Remote address:
    1.1.1.1:53
    Request
    kadersevgiyletasanumut.xyz
    IN A
    Response
  • flag-us
    DNS
    kadersevgininkalptenhikayesi.xyz
    Remote address:
    1.1.1.1:53
    Request
    kadersevgininkalptenhikayesi.xyz
    IN A
    Response
  • flag-us
    DNS
    kadersanatisozlerdeninsanlara.xyz
    Remote address:
    1.1.1.1:53
    Request
    kadersanatisozlerdeninsanlara.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderdostlukvegizemlianilar.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderdostlukvegizemlianilar.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderlerarasisamimiuyum.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderlerarasisamimiuyum.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderduygularivebaglantilar.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderduygularivebaglantilar.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderseverleryolculuknotlari.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderseverleryolculuknotlari.xyz
    IN A
    Response
  • flag-us
    DNS
    www.ip-api.com
    Remote address:
    1.1.1.1:53
    Request
    www.ip-api.com
    IN A
    Response
    www.ip-api.com
    IN A
    208.95.112.1
  • flag-us
    DNS
    kaderinsadekalptenyansimalari.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderinsadekalptenyansimalari.xyz
    IN A
    Response
  • flag-us
    DNS
    kadersanatinrenkligolgeleri.xyz
    Remote address:
    1.1.1.1:53
    Request
    kadersanatinrenkligolgeleri.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderseverlerinrenklidunyasi.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderseverlerinrenklidunyasi.xyz
    IN A
    Response
  • flag-us
    GET
    http://www.ip-api.com/json
    Remote address:
    208.95.112.1:80
    Request
    GET /json HTTP/1.1
    Host: www.ip-api.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 07 Jan 2025 22:02:29 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 291
    Access-Control-Allow-Origin: *
    X-Ttl: 60
    X-Rl: 44
  • flag-us
    DNS
    kadersohbetleriilepaylasim.xyz
    Remote address:
    1.1.1.1:53
    Request
    kadersohbetleriilepaylasim.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderinyansimalarindankareler.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderinyansimalarindankareler.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderduygusalbagvetutkular.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderduygusalbagvetutkular.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderinhayatdolasimbirligi.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderinhayatdolasimbirligi.xyz
    IN A
    Response
  • flag-us
    DNS
    sevgikadervedostlukhikayesi.xyz
    Remote address:
    1.1.1.1:53
    Request
    sevgikadervedostlukhikayesi.xyz
    IN A
    Response
  • flag-us
    DNS
    yesmincanruslane.xyz
    Remote address:
    1.1.1.1:53
    Request
    yesmincanruslane.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderbaglantilarindayanisma.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderbaglantilarindayanisma.xyz
    IN A
    Response
    kaderbaglantilarindayanisma.xyz
    IN A
    93.123.109.244
  • flag-us
    DNS
    kadersozlerlehikayeveriyor.xyz
    Remote address:
    1.1.1.1:53
    Request
    kadersozlerlehikayeveriyor.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderseverlerpaylasimbahcesi.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderseverlerpaylasimbahcesi.xyz
    IN A
    Response
  • flag-us
    DNS
    kaderdostlarivehayatbaglari.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderdostlarivehayatbaglari.xyz
    IN A
    Response
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2832
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 293
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2388
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:31 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 192
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2388
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:31 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 7460
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    rcs-acs-tmo-us.jibe.google.com
    Remote address:
    1.1.1.1:53
    Request
    rcs-acs-tmo-us.jibe.google.com
    IN A
    Response
    rcs-acs-tmo-us.jibe.google.com
    IN A
    216.239.36.155
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.169.46
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2469
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:48 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2469
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:48 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 1996
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:49 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2472
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:51 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2472
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:51 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 853
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:02:55 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2469
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:03:02 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    kaderbaglantilarindayanisma.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderbaglantilarindayanisma.xyz
    IN A
    Response
    kaderbaglantilarindayanisma.xyz
    IN A
    93.123.109.244
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 438
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:03:33 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    remoteprovisioning.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    remoteprovisioning.googleapis.com
    IN A
    Response
    remoteprovisioning.googleapis.com
    IN A
    142.250.179.234
    remoteprovisioning.googleapis.com
    IN A
    216.58.212.202
    remoteprovisioning.googleapis.com
    IN A
    216.58.213.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.187.234
    remoteprovisioning.googleapis.com
    IN A
    172.217.169.42
    remoteprovisioning.googleapis.com
    IN A
    216.58.204.74
    remoteprovisioning.googleapis.com
    IN A
    142.250.200.10
    remoteprovisioning.googleapis.com
    IN A
    172.217.16.234
    remoteprovisioning.googleapis.com
    IN A
    216.58.201.106
    remoteprovisioning.googleapis.com
    IN A
    142.250.200.42
    remoteprovisioning.googleapis.com
    IN A
    142.250.180.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.178.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.187.202
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2469
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:04:02 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 2469
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:04:02 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    216.58.204.68
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    216.58.204.68
  • flag-us
    DNS
    kaderbaglantilarindayanisma.xyz
    Remote address:
    1.1.1.1:53
    Request
    kaderbaglantilarindayanisma.xyz
    IN A
    Response
    kaderbaglantilarindayanisma.xyz
    IN A
    93.123.109.244
  • flag-bg
    POST
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    Remote address:
    93.123.109.244:443
    Request
    POST /YjVmNGU0NmNhODlm/ HTTP/1.1
    Packets-sent: 60170
    Content-Encoding: gzip
    Content-Length: 424
    Host: kaderbaglantilarindayanisma.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 07 Jan 2025 22:04:33 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 128
    Connection: keep-alive
    Vary: Accept-Encoding
  • 208.95.112.1:80
    http://www.ip-api.com/json
    http
    328 B
     600 B
     6
    3

    HTTP Request

    GET http://www.ip-api.com/json

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    4.8kB
     26.4kB
     23
    23

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    3.6kB
     97.8kB
     48
    62

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    3.8kB
     2.9kB
     12
    8

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    3.8kB
     2.8kB
     12
    9

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    9.5kB
     26.4kB
     24
    23

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 216.239.36.155:443
    rcs-acs-tmo-us.jibe.google.com
    tls
    1.5kB
     6.8kB
     11
    11
  • 172.217.169.46:443
    android.apis.google.com
    tls
    4.2kB
     7.7kB
     29
    24
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    3.9kB
     2.8kB
     12
    9

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    3.9kB
     2.8kB
     12
    9

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    3.4kB
     2.8kB
     12
    8

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    4.0kB
     2.8kB
     13
    9

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    4.0kB
     2.8kB
     13
    9

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    2.3kB
     2.8kB
     13
    8

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    3.9kB
     2.7kB
     12
    7

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    1.9kB
     2.8kB
     13
    9

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 142.250.179.234:443
    remoteprovisioning.googleapis.com
    tls
    3.6kB
     13.4kB
     17
    16
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    4.0kB
     2.8kB
     13
    9

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    4.0kB
     2.8kB
     13
    8

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 216.58.212.228:443
    www.google.com
    tls
    1.1kB
     5.6kB
     11
    8
  • 216.58.212.228:443
    www.google.com
    tls
    2.5kB
     8.3kB
     22
    18
  • 216.58.204.68:443
    www.google.com
    tls
    1.0kB
     4.7kB
     8
    8
  • 93.123.109.244:443
    https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/
    tls, http
    1.9kB
     2.8kB
     13
    9

    HTTP Request

    POST https://kaderbaglantilarindayanisma.xyz/YjVmNGU0NmNhODlm/

    HTTP Response

    200
  • 142.250.187.198:80
    312 B
     6
  • 142.250.179.226:443
    tls
    135 B
     40 B
     2
    1
  • 142.250.179.226:443
    tls
    135 B
     40 B
     2
    1
  • 142.250.179.226:443
    tls
    135 B
     40 B
     2
    1
  • 142.250.187.198:443
    tls
    135 B
     40 B
     2
    1
  • 172.217.169.66:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 216.58.212.193:443
    tls
    135 B
     40 B
     2
    1
  • 142.250.187.234:443
    remoteprovisioning.googleapis.com
    tls, https
    128 B
     40 B
     2
    1
  • 224.0.0.251:5353
    4.2kB
     15
  • 1.1.1.1:53
    kadersevgiyletasanumut.xyz
    dns
    72 B
     137 B
     1
    1

    DNS Request

    kadersevgiyletasanumut.xyz

  • 1.1.1.1:53
    kadersevgininkalptenhikayesi.xyz
    dns
    78 B
     143 B
     1
    1

    DNS Request

    kadersevgininkalptenhikayesi.xyz

  • 1.1.1.1:53
    kadersanatisozlerdeninsanlara.xyz
    dns
    79 B
     144 B
     1
    1

    DNS Request

    kadersanatisozlerdeninsanlara.xyz

  • 1.1.1.1:53
    kaderdostlukvegizemlianilar.xyz
    dns
    77 B
     142 B
     1
    1

    DNS Request

    kaderdostlukvegizemlianilar.xyz

  • 1.1.1.1:53
    kaderlerarasisamimiuyum.xyz
    dns
    73 B
     138 B
     1
    1

    DNS Request

    kaderlerarasisamimiuyum.xyz

  • 1.1.1.1:53
    kaderduygularivebaglantilar.xyz
    dns
    77 B
     142 B
     1
    1

    DNS Request

    kaderduygularivebaglantilar.xyz

  • 1.1.1.1:53
    kaderseverleryolculuknotlari.xyz
    dns
    78 B
     143 B
     1
    1

    DNS Request

    kaderseverleryolculuknotlari.xyz

  • 1.1.1.1:53
    www.ip-api.com
    dns
    60 B
     76 B
     1
    1

    DNS Request

    www.ip-api.com

    DNS Response

    208.95.112.1

  • 1.1.1.1:53
    kaderinsadekalptenyansimalari.xyz
    dns
    79 B
     144 B
     1
    1

    DNS Request

    kaderinsadekalptenyansimalari.xyz

  • 1.1.1.1:53
    kadersanatinrenkligolgeleri.xyz
    dns
    77 B
     142 B
     1
    1

    DNS Request

    kadersanatinrenkligolgeleri.xyz

  • 1.1.1.1:53
    kaderseverlerinrenklidunyasi.xyz
    dns
    78 B
     143 B
     1
    1

    DNS Request

    kaderseverlerinrenklidunyasi.xyz

  • 1.1.1.1:53
    kadersohbetleriilepaylasim.xyz
    dns
    76 B
     141 B
     1
    1

    DNS Request

    kadersohbetleriilepaylasim.xyz

  • 1.1.1.1:53
    kaderinyansimalarindankareler.xyz
    dns
    79 B
     144 B
     1
    1

    DNS Request

    kaderinyansimalarindankareler.xyz

  • 1.1.1.1:53
    kaderduygusalbagvetutkular.xyz
    dns
    76 B
     141 B
     1
    1

    DNS Request

    kaderduygusalbagvetutkular.xyz

  • 1.1.1.1:53
    kaderinhayatdolasimbirligi.xyz
    dns
    76 B
     141 B
     1
    1

    DNS Request

    kaderinhayatdolasimbirligi.xyz

  • 1.1.1.1:53
    sevgikadervedostlukhikayesi.xyz
    dns
    77 B
     142 B
     1
    1

    DNS Request

    sevgikadervedostlukhikayesi.xyz

  • 1.1.1.1:53
    yesmincanruslane.xyz
    dns
    66 B
     131 B
     1
    1

    DNS Request

    yesmincanruslane.xyz

  • 1.1.1.1:53
    kaderbaglantilarindayanisma.xyz
    dns
    77 B
     93 B
     1
    1

    DNS Request

    kaderbaglantilarindayanisma.xyz

    DNS Response

    93.123.109.244

  • 1.1.1.1:53
    kadersozlerlehikayeveriyor.xyz
    dns
    76 B
     141 B
     1
    1

    DNS Request

    kadersozlerlehikayeveriyor.xyz

  • 1.1.1.1:53
    kaderseverlerpaylasimbahcesi.xyz
    dns
    78 B
     143 B
     1
    1

    DNS Request

    kaderseverlerpaylasimbahcesi.xyz

  • 1.1.1.1:53
    kaderdostlarivehayatbaglari.xyz
    dns
    77 B
     142 B
     1
    1

    DNS Request

    kaderdostlarivehayatbaglari.xyz

  • 1.1.1.1:53
    rcs-acs-tmo-us.jibe.google.com
    dns
    76 B
     92 B
     1
    1

    DNS Request

    rcs-acs-tmo-us.jibe.google.com

    DNS Response

    216.239.36.155

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.169.46

  • 172.217.169.46:443
    android.apis.google.com
    https
    2.9kB
     6.3kB
     5
    7
  • 1.1.1.1:53
    kaderbaglantilarindayanisma.xyz
    dns
    77 B
     93 B
     1
    1

    DNS Request

    kaderbaglantilarindayanisma.xyz

    DNS Response

    93.123.109.244

  • 1.1.1.1:53
    remoteprovisioning.googleapis.com
    dns
    79 B
     287 B
     1
    1

    DNS Request

    remoteprovisioning.googleapis.com

    DNS Response

    142.250.179.234
    216.58.212.202
    216.58.213.10
    142.250.187.234
    172.217.169.42
    216.58.204.74
    142.250.200.10
    172.217.16.234
    216.58.201.106
    142.250.200.42
    142.250.180.10
    142.250.178.10
    142.250.187.202

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
     76 B
     1
    1

    DNS Request

    www.google.com

    DNS Response

    216.58.204.68

  • 216.58.204.68:443
    www.google.com
    https
    3.4kB
     8.5kB
     11
    11
  • 1.1.1.1:53
    www.google.com
    dns
    60 B
     76 B
     1
    1

    DNS Request

    www.google.com

    DNS Response

    216.58.204.68

  • 1.1.1.1:53
    kaderbaglantilarindayanisma.xyz
    dns
    77 B
     93 B
     1
    1

    DNS Request

    kaderbaglantilarindayanisma.xyz

    DNS Response

    93.123.109.244

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.reopen.forget/.qcom.reopen.forget
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.reopen.forget/.qcom.reopen.forget
    Filesize

    86B

    MD5

    e57ce5d62483fe7e7484d9466a7c5d73

    SHA1

    ef354dfba1424ad09110eade33a4d03720f6af35

    SHA256

    0d7c69d68d11ddc5a303857007891fdfb8c5a2fd7d2379b0c19770a66527f123

    SHA512

    a9b8a8e2d59c02e4d22dc4311eb34e09ea4fb59251a59a7a061a0c9107ff0a1735c72949e01a671ecb58495fd0518674a9d97e94d2c6d6d6ad493fd895a7fc43

    Download Submit

  • /data/data/com.reopen.forget/app_question/iOQrsaa.json
    Filesize

    153KB

    MD5

    c3e59cffb60345b22aa346411acb2385

    SHA1

    98c21411bf1bffbb7e67fbd1d9b21412b0014531

    SHA256

    ecfefb650e41d7f1f0253406b56b7c54049d6f61750e95f2e7d425988bfeb7a1

    SHA512

    93ccb93b18cda8a548249c30dcfa2daab3a055fee66378368db9fb5bf93a49233d9607115b8265bb309979512b6a8d9708def28c45843c7a410f7f3db5817bd9

    Download Submit

  • /data/data/com.reopen.forget/app_question/iOQrsaa.json
    Filesize

    153KB

    MD5

    b4dfd2860b293bb9fb3479fe0d45bc05

    SHA1

    c097cd935ce12e775f93618341cc992bc12ca35c

    SHA256

    7552e641ec873169e8a4087461e384b76e2d67fdf90144f1da425b2adc3aa346

    SHA512

    633c2ad0e317cb90111accfdd1be36d56359da8b54e53b0293cb6219e742728fdbd17d4aee7dcaff80263b6d44d5ae7ee0d6c6486fede6c2205252fef2749d5a

    Download Submit

  • /data/data/com.reopen.forget/kl.txt
    Filesize

    490B

    MD5

    d18a7fadbf2e49b9726e8df3dc807ea0

    SHA1

    f3214e386e0ca98b99e45d39dbded748168d14ac

    SHA256

    e23b534c980b575a59b2bb2140c7284871688008941fdf636f98f0cb667d73eb

    SHA512

    5e87ef496ea71c345529612474b5627e2cf802cc1b76c7c24d536ccbe4cb03c7851d15c4a3cdf642b8573502e1915316bc4de2ddd149a7f8e064c01657d72a80

    Download Submit

  • /data/data/com.reopen.forget/kl.txt
    Filesize

    214B

    MD5

    db6685d9440654493a29287bea68c94a

    SHA1

    98bb911af848d4ba6398da74f64e3bc21e15d9e9

    SHA256

    949f4c65d7683316b06509f712c0560a61ad69ec9118705bdec5ca33cfe6a128

    SHA512

    5c97d1b8cffdad9b60ec1a361249877e769c93ad185b907993d26909c1ea1580c0b69248a15a0c528959787dae0721fd8e7d0d2a293d396dd9370f42ee9d9188

    Download Submit

  • /data/data/com.reopen.forget/kl.txt
    Filesize

    54B

    MD5

    fb52298af46faa93270f15bd6aebbe50

    SHA1

    539e977d2ac45d0347f15c7622fac29b87687b9d

    SHA256

    12ceaf09d8b4377b8e42458c866fcad265a1848d2354af19df98bcb902637f88

    SHA512

    fb6c24f264b13f1931c315235d8db82d5134e298759beb5b80d7b357ba3583524dc173a54cd0b202023d31803b74aaf72cc71c3a8d1e78dfdfd7532164cf4552

    Download Submit

  • /data/data/com.reopen.forget/kl.txt
    Filesize

    68B

    MD5

    0f3ca3be87cb8f704a92f90fdccc0f1d

    SHA1

    06b7dbaef636c7a2a2cf7f7243feab3c0f23d718

    SHA256

    ca1181aa5f7dcac88de4c5dad97f63b22fdb74f1235c966e2b99d0cd5142555a

    SHA512

    58efe4936d7b302871a0174c34bca866cc421b6d0de85384672d02634370331d10168916629197e22e7d12158733086ddfc1261ed07d37f7e02bdc5bddede2ae

    Download Submit

  • /data/data/com.reopen.forget/kl.txt
    Filesize

    60B

    MD5

    9dddbe337f2be8d340382ea7a80fae92

    SHA1

    7cf69b698144f5ced80005d10349fbb2c8a56edb

    SHA256

    bfd9330474e67fa85811340a8a2bdb6ba47d6b99ff36a7d2ffe5491eab86aab6

    SHA512

    6e15bbff7891c17eecfeece4ad85ad3753d2d633330b3839a9eb58f374bdf3353bb88d4a693a9d43cfabd0e9b9d027921327c9e151ea8cba936bae5003a5fe04

    Download Submit

  • /data/user/0/com.reopen.forget/app_question/iOQrsaa.json
    Filesize

    451KB

    MD5

    d80a8e6f7ded13fc5eac7f9c4e9a6677

    SHA1

    a108d828f84c4ac1ddec57361dda74996b1bbd9e

    SHA256

    a8e567c5ac65efeca40f75521764fd36b582a18d50fb39f26acbda046030346f

    SHA512

    56e88993799396d4f0e93a73623f695d62a6c24c25a0f6544f89a937bf0f4c02352138c60e3de53763473eb90cc9f04f32412edc8600e037880f50e72a307f9d

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.