Analysis
-
max time kernel
7s -
max time network
154s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
11/01/2025, 18:35 UTC
General
-
Target
Cpu_throttling_test_apk_5533212680.apk
-
Size
3.2MB
-
MD5
8b87aeca37d6e8d0bb8519821c9b5a54
-
SHA1
e387d9b01d1afd91c444501e7a50fd35298a2855
-
SHA256
4b4385d36539e9ef42527488e73db5172dbcd4c2a0c394c7c8bc40e5a8b27093
-
SHA512
8003821cae5820cd20d9ed2ec0f14a3df60662acaa96107070a029e565eb3abcf05b5f0ab5f9f0aa7d2db6f6bbb7063dfb879438e1353fbe62edb59365290bb7
-
SSDEEP
49152:Va0SLdesVbIRgUQsI6Tvgf3YgizGp1s+vWJzcjgkyzfrFP:80Mdes9IRfQH/YBKp1sDJISzfrFP
Score
6/10
Malware Config
Signatures
-
Reads information about phone network operator. 1 TTPs
Processes
-
com.example.tutnnknorz1⤵
Network
-
DNSsemanticlocation-pa.googleapis.comRemote address:1.1.1.1:53Requestsemanticlocation-pa.googleapis.comIN AResponsesemanticlocation-pa.googleapis.comIN A142.250.180.10semanticlocation-pa.googleapis.comIN A216.58.201.106semanticlocation-pa.googleapis.comIN A142.250.179.234semanticlocation-pa.googleapis.comIN A172.217.169.10semanticlocation-pa.googleapis.comIN A216.58.213.10semanticlocation-pa.googleapis.comIN A142.250.200.42semanticlocation-pa.googleapis.comIN A172.217.16.234semanticlocation-pa.googleapis.comIN A142.250.187.234semanticlocation-pa.googleapis.comIN A216.58.212.202semanticlocation-pa.googleapis.comIN A216.58.204.74semanticlocation-pa.googleapis.comIN A172.217.169.74semanticlocation-pa.googleapis.comIN A216.58.212.234semanticlocation-pa.googleapis.comIN A172.217.169.42semanticlocation-pa.googleapis.comIN A142.250.200.10semanticlocation-pa.googleapis.comIN A142.250.178.10semanticlocation-pa.googleapis.comIN A142.250.187.202 -
DNSsemanticlocation-pa.googleapis.comRemote address:1.1.1.1:53Requestsemanticlocation-pa.googleapis.comIN A
-
DNSs.grobrothers.orgRemote address:1.1.1.1:53Requests.grobrothers.orgIN AResponses.grobrothers.orgIN A104.21.48.1s.grobrothers.orgIN A104.21.16.1s.grobrothers.orgIN A104.21.96.1s.grobrothers.orgIN A104.21.80.1s.grobrothers.orgIN A104.21.32.1s.grobrothers.orgIN A104.21.112.1s.grobrothers.orgIN A104.21.64.1
-
DNSs.grobrothers.orgRemote address:1.1.1.1:53Requests.grobrothers.orgIN A
-
DNSdabalx.orgRemote address:1.1.1.1:53Requestdabalx.orgIN AResponsedabalx.orgIN A72.52.178.23
-
DNSdabalx.orgRemote address:1.1.1.1:53Requestdabalx.orgIN AResponsedabalx.orgIN A72.52.178.23
-
DNSww12.dabalx.orgRemote address:1.1.1.1:53Requestww12.dabalx.orgIN AResponseww12.dabalx.orgIN CNAME084725.parkingcrew.net084725.parkingcrew.netIN A76.223.26.96084725.parkingcrew.netIN A13.248.148.254
-
GEThttp://ww12.dabalx.org/cankl2k.php?key=1icyhd8bc7bfqphjemaa&user_id=Cpu%20throttling%20test%20apk&usid=24&utid=10088944343Remote address:76.223.26.96:80RequestGET /cankl2k.php?key=1icyhd8bc7bfqphjemaa&user_id=Cpu%20throttling%20test%20apk&usid=24&utid=10088944343 HTTP/1.1
Host: ww12.dabalx.org
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Accept-Ch: viewport-width
Accept-Ch: dpr
Accept-Ch: device-memory
Accept-Ch: rtt
Accept-Ch: downlink
Accept-Ch: ect
Accept-Ch: ua
Accept-Ch: ua-full-version
Accept-Ch: ua-platform
Accept-Ch: ua-platform-version
Accept-Ch: ua-arch
Accept-Ch: ua-model
Accept-Ch: ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 11 Jan 2025 18:35:19 GMT
Server: Caddy
Server: nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_gmg4fkuFZ/dUkd3VzP2Gs5hrcnwUNcnsB5yyUF+rOxdAvjZAsxJqiDlgKa+uFgeTjD9ACeJxK/QPpgfw9bjQcg==
X-Buckets: bucket003
X-Domain: dabalx.org
X-Language: english
X-Pcrew-Blocked-Reason: hosting network
X-Pcrew-Ip-Organization: Cogent Communications
X-Subdomain: ww12
X-Template: tpl_MobileCleanBlack_twoclick
Transfer-Encoding: chunked
-
GEThttp://ww12.dabalx.org/track.php?domain=dabalx.org&toggle=browserjs&uid=MTczNjYyMDUxOS44NjE6MWRhNjYzYzFiY2ZiMmE2YWQ1OGE1Nzk0MDZjZjNjNzc4NTNhZTIxM2Y2YTI5NDkxMzk3ZTVjYmZlNTEwNDhmMTo2NzgyYjllN2QyMzViRemote address:76.223.26.96:80RequestGET /track.php?domain=dabalx.org&toggle=browserjs&uid=MTczNjYyMDUxOS44NjE6MWRhNjYzYzFiY2ZiMmE2YWQ1OGE1Nzk0MDZjZjNjNzc4NTNhZTIxM2Y2YTI5NDkxMzk3ZTVjYmZlNTEwNDhmMTo2NzgyYjllN2QyMzVi HTTP/1.1
Host: ww12.dabalx.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36
Accept: */*
Referer: http://ww12.dabalx.org/cankl2k.php?key=1icyhd8bc7bfqphjemaa&user_id=Cpu%20throttling%20test%20apk&usid=24&utid=10088944343
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Accept-Ch: viewport-width
Accept-Ch: dpr
Accept-Ch: device-memory
Accept-Ch: rtt
Accept-Ch: downlink
Accept-Ch: ect
Accept-Ch: ua
Accept-Ch: ua-full-version
Accept-Ch: ua-platform
Accept-Ch: ua-platform-version
Accept-Ch: ua-arch
Accept-Ch: ua-model
Accept-Ch: ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 11 Jan 2025 18:35:20 GMT
Server: Caddy
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Transfer-Encoding: chunked
-
GEThttp://ww12.dabalx.org/ls.php?t=6782b9e7&token=4948b4b55fa22eae7f0aef2cd343b69d62e9311aRemote address:76.223.26.96:80RequestGET /ls.php?t=6782b9e7&token=4948b4b55fa22eae7f0aef2cd343b69d62e9311a HTTP/1.1
Host: ww12.dabalx.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36
Accept: */*
Referer: http://ww12.dabalx.org/cankl2k.php?key=1icyhd8bc7bfqphjemaa&user_id=Cpu%20throttling%20test%20apk&usid=24&utid=10088944343
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 201 Created
Accept-Ch: viewport-width
Accept-Ch: dpr
Accept-Ch: device-memory
Accept-Ch: rtt
Accept-Ch: downlink
Accept-Ch: ect
Accept-Ch: ua
Accept-Ch: ua-full-version
Accept-Ch: ua-platform
Accept-Ch: ua-platform-version
Accept-Ch: ua-arch
Accept-Ch: ua-model
Accept-Ch: ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin:
Access-Control-Max-Age: 86400
Charset: utf-8
Content-Type: text/javascript;charset=UTF-8
Date: Sat, 11 Jan 2025 18:35:20 GMT
Server: Caddy
Server: nginx
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_hy78QhOQNI9HhbY5n8YV20LeHDJzHk+RiPpCKrqoP98vi2Tvtcz0YgCZT7RTMvt0KicrMZqQWjVFUHWbmyPQAg==
X-Log-Success: 6782b9e8e34eccd66200fd02
Transfer-Encoding: chunked
-
GEThttp://ww12.dabalx.org/favicon.icoRemote address:76.223.26.96:80RequestGET /favicon.ico HTTP/1.1
Host: ww12.dabalx.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://ww12.dabalx.org/cankl2k.php?key=1icyhd8bc7bfqphjemaa&user_id=Cpu%20throttling%20test%20apk&usid=24&utid=10088944343
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _cq_duid=1.1736620520.NQK4Yygn1Sn4O7K2; _cq_suid=1.1736620520.XumTC0kDwvQY29BP; __gsas=ID=8a0fe60001b72ec0:T=1736620521:RT=1736620521:S=ALNI_MZrW_KtKXdilvVHw0g80XlfPyplFw
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 0
Content-Type: image/x-icon
Date: Sat, 11 Jan 2025 18:35:25 GMT
Etag: "670f7248-0"
Last-Modified: Wed, 16 Oct 2024 07:59:04 GMT
Server: Caddy
Server: nginx
-
DNSparking3.parklogic.comRemote address:1.1.1.1:53Requestparking3.parklogic.comIN AResponseparking3.parklogic.comIN A170.187.143.93
-
DNSeuob.netgreencolumn.comRemote address:1.1.1.1:53Requesteuob.netgreencolumn.comIN AResponseeuob.netgreencolumn.comIN A143.204.176.13euob.netgreencolumn.comIN A143.204.176.84euob.netgreencolumn.comIN A143.204.176.80euob.netgreencolumn.comIN A143.204.176.38
-
DNSupdate.googleapis.comRemote address:1.1.1.1:53Requestupdate.googleapis.comIN AResponseupdate.googleapis.comIN A142.250.179.227
-
DNScrt.sectigo.comRemote address:1.1.1.1:53Requestcrt.sectigo.comIN AResponsecrt.sectigo.comIN CNAMEcrt.comodoca.com.cdn.cloudflare.netcrt.comodoca.com.cdn.cloudflare.netIN A104.18.38.233crt.comodoca.com.cdn.cloudflare.netIN A172.64.149.23
-
GEThttp://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crtRemote address:104.18.38.233:80RequestGET /SectigoRSADomainValidationSecureServerCA.crt HTTP/1.1
Host: crt.sectigo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36
Accept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OK
Date: Sat, 11 Jan 2025 18:35:20 GMT
Content-Type: application/pkix-cert
Content-Length: 1559
Connection: keep-alive
Last-Modified: Fri, 02 Nov 2018 00:00:00 GMT
Etag: "33e4e80807204c2b6182a3a14b591acd25b5f0db"
Cache-Control: max-age=86400,s-maxage=14400,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 13122
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 9007018c3e7f7792-LHR
-
DNSd38psrni17bvxu.cloudfront.netRemote address:1.1.1.1:53Requestd38psrni17bvxu.cloudfront.netIN AResponsed38psrni17bvxu.cloudfront.netIN A99.86.249.105d38psrni17bvxu.cloudfront.netIN A99.86.249.97d38psrni17bvxu.cloudfront.netIN A99.86.249.190d38psrni17bvxu.cloudfront.netIN A99.86.249.202
-
GEThttp://d38psrni17bvxu.cloudfront.net/themes/MobileCleanBlack_e01968e1/bg-inv.jpgRemote address:99.86.249.105:80RequestGET /themes/MobileCleanBlack_e01968e1/bg-inv.jpg HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 9; AOSP on IA Emulator Build/PSR1.180720.122) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://ww12.dabalx.org/cankl2k.php?key=1icyhd8bc7bfqphjemaa&user_id=Cpu%20throttling%20test%20apk&usid=24&utid=10088944343
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 50845
Connection: keep-alive
Server: nginx
Date: Sat, 11 Jan 2025 11:12:23 GMT
Last-Modified: Thu, 21 Mar 2024 11:48:11 GMT
Accept-Ranges: bytes
ETag: "65fc1e7b-c69d"
X-Cache: Hit from cloudfront
Via: 1.1 9fdd5bd72604beaad36fa6d3b5b0ff10.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: mufbxJId2KT3rdkzxg-Prt_dnx1LY3hUl2Idy6YyQ6ZJ6h0DQNjO8g==
Age: 26577
-
DNSwww.google.comRemote address:1.1.1.1:53Requestwww.google.comIN AResponsewww.google.comIN A216.58.212.228
-
DNSsyndicatedsearch.googRemote address:1.1.1.1:53Requestsyndicatedsearch.googIN AResponsesyndicatedsearch.googIN A142.250.200.14
-
DNSobseu.netgreencolumn.comRemote address:1.1.1.1:53Requestobseu.netgreencolumn.comIN A
-
DNSpartner.googleadservices.comRemote address:1.1.1.1:53Requestpartner.googleadservices.comIN AResponsepartner.googleadservices.comIN A142.250.180.2
-
DNSobseu.netgreencolumn.comRemote address:1.1.1.1:53Requestobseu.netgreencolumn.comIN AResponseobseu.netgreencolumn.comIN A34.251.101.162obseu.netgreencolumn.comIN A54.75.69.192obseu.netgreencolumn.comIN A3.248.162.96
-
DNSwww.godaddy.comRemote address:1.1.1.1:53Requestwww.godaddy.comIN AResponsewww.godaddy.comIN CNAMEwildcard-ipv6.godaddy.com.edgekey.netwildcard-ipv6.godaddy.com.edgekey.netIN CNAMEe6001.dscx.akamaiedge.nete6001.dscx.akamaiedge.netIN A2.19.168.53
-
DNSandroid.apis.google.comRemote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.250.200.46
-
72.52.178.23:443dabalx.orgtls
-
72.52.178.23:443dabalx.orgtls
-
72.52.178.23:443dabalx.org
-
76.223.26.96:80http://ww12.dabalx.org/favicon.icohttp
HTTP Request
GET http://ww12.dabalx.org/cankl2k.php?key=1icyhd8bc7bfqphjemaa&user_id=Cpu%20throttling%20test%20apk&usid=24&utid=10088944343HTTP Response
200HTTP Request
GET http://ww12.dabalx.org/track.php?domain=dabalx.org&toggle=browserjs&uid=MTczNjYyMDUxOS44NjE6MWRhNjYzYzFiY2ZiMmE2YWQ1OGE1Nzk0MDZjZjNjNzc4NTNhZTIxM2Y2YTI5NDkxMzk3ZTVjYmZlNTEwNDhmMTo2NzgyYjllN2QyMzViHTTP Response
200HTTP Request
GET http://ww12.dabalx.org/ls.php?t=6782b9e7&token=4948b4b55fa22eae7f0aef2cd343b69d62e9311aHTTP Response
201HTTP Request
GET http://ww12.dabalx.org/favicon.icoHTTP Response
200 -
170.187.143.93:443parking3.parklogic.comtls
-
143.204.176.13:443euob.netgreencolumn.comtls
-
142.250.179.227:443update.googleapis.comtls
-
104.18.38.233:80http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crthttp
HTTP Request
GET http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crtHTTP Response
200 -
170.187.143.93:443parking3.parklogic.comtls
-
99.86.249.105:80http://d38psrni17bvxu.cloudfront.net/themes/MobileCleanBlack_e01968e1/bg-inv.jpghttp
HTTP Request
GET http://d38psrni17bvxu.cloudfront.net/themes/MobileCleanBlack_e01968e1/bg-inv.jpgHTTP Response
200 -
216.58.212.228:443www.google.comtls
-
142.250.200.14:443syndicatedsearch.googtls
-
142.250.180.2:443partner.googleadservices.com
-
142.250.180.2:443partner.googleadservices.comtls
-
34.251.101.162:443obseu.netgreencolumn.comtls -
142.250.200.46:443tls, https
-
142.250.200.46:443android.apis.google.comtls
-
216.58.201.106:443semanticlocation-pa.googleapis.comtls, https
-
224.0.0.251:5353 -
1.1.1.1:53semanticlocation-pa.googleapis.comdns
DNS Request
semanticlocation-pa.googleapis.com
DNS Request
semanticlocation-pa.googleapis.com
DNS Response
142.250.180.10216.58.201.106142.250.179.234172.217.169.10216.58.213.10142.250.200.42172.217.16.234142.250.187.234216.58.212.202216.58.204.74172.217.169.74216.58.212.234172.217.169.42142.250.200.10142.250.178.10142.250.187.202
-
1.1.1.1:53s.grobrothers.orgdns
DNS Request
s.grobrothers.org
DNS Request
s.grobrothers.org
DNS Response
104.21.48.1104.21.16.1104.21.96.1104.21.80.1104.21.32.1104.21.112.1104.21.64.1
-
1.1.1.1:53dabalx.orgdns
DNS Request
dabalx.org
DNS Response
72.52.178.23
-
1.1.1.1:53dabalx.orgdns
DNS Request
dabalx.org
DNS Response
72.52.178.23
-
1.1.1.1:53ww12.dabalx.orgdns
DNS Request
ww12.dabalx.org
DNS Response
76.223.26.9613.248.148.254
-
1.1.1.1:53parking3.parklogic.comdns
DNS Request
parking3.parklogic.com
DNS Response
170.187.143.93
-
1.1.1.1:53euob.netgreencolumn.comdns
DNS Request
euob.netgreencolumn.com
DNS Response
143.204.176.13143.204.176.84143.204.176.80143.204.176.38
-
1.1.1.1:53update.googleapis.comdns
DNS Request
update.googleapis.com
DNS Response
142.250.179.227
-
1.1.1.1:53crt.sectigo.comdns
DNS Request
crt.sectigo.com
DNS Response
104.18.38.233172.64.149.23
-
1.1.1.1:53d38psrni17bvxu.cloudfront.netdns
DNS Request
d38psrni17bvxu.cloudfront.net
DNS Response
99.86.249.10599.86.249.9799.86.249.19099.86.249.202
-
1.1.1.1:53www.google.comdns
DNS Request
www.google.com
DNS Response
216.58.212.228
-
1.1.1.1:53syndicatedsearch.googdns
DNS Request
syndicatedsearch.goog
DNS Response
142.250.200.14
-
1.1.1.1:53obseu.netgreencolumn.comdns
DNS Request
obseu.netgreencolumn.com
-
1.1.1.1:53partner.googleadservices.comdns
DNS Request
partner.googleadservices.com
DNS Response
142.250.180.2
-
1.1.1.1:53obseu.netgreencolumn.comdns
DNS Request
obseu.netgreencolumn.com
DNS Response
34.251.101.16254.75.69.1923.248.162.96
-
1.1.1.1:53www.godaddy.comdns
DNS Request
www.godaddy.com
DNS Response
2.19.168.53
-
1.1.1.1:53android.apis.google.comdns
DNS Request
android.apis.google.com
DNS Response
142.250.200.46