Analysis

  • max time kernel
    34s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    20/01/2025, 13:35 UTC

General

  • Target

    file.apk

  • Size

    4.9MB

  • MD5

    3aa725662c012f2bf54b993467b2edd5

  • SHA1

    d2b8d88803c79e218fad64c736ad23c1386f3181

  • SHA256

    44fbc03f41d9478db9346c22b0d9854a2f2fa39e959a354e26fa8991a0669f12

  • SHA512

    50a7775daccd555bb716eb0a6c5499f5de6f7d9c96a93b8db8e78fbf33d13dd0f52fd016286f5f47c85246cb59517892df20bde403ac15611771cad03470f45d

  • SSDEEP

    49152:wWRsEXk0xyNKmY3XjU45iS7xrG+/G0Lf9xjVKScou/GQnzTT63lUmiLctkc:1RsXWyNjY3Xp5iSRG8PVKLPH8lOQf

Malware Config

Extracted

Family

octo

C2

https://8b230a871b7f1ff2a1ad9f9c07d6e67a.info

AES_key

1. 61336230313034623836613861343364 (hex-encoded; decodes to the 16-character ASCII string a3b0104b86a8a43d, a 128-bit key if those bytes are used directly)

AES_key

1. 38633033633739633938386534313736 (hex-encoded; decodes to the 16-character ASCII string 8c03c79c988e4176)

Signatures

Processes

  • com.nstar5machinemodules
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4936

Network

  • flag-us
    DNS
    84ece057f47629145b2ce8868523998a.com
    Remote address:
    1.1.1.1:53
    Request
    84ece057f47629145b2ce8868523998a.com
    IN A
    Response
  • flag-us
    DNS
    d0756a54092386522651ec5c4573f6bf.org
    Remote address:
    1.1.1.1:53
    Request
    d0756a54092386522651ec5c4573f6bf.org
    IN A
    Response
    d0756a54092386522651ec5c4573f6bf.org
    IN A
    188.40.187.129
  • flag-de
    POST
    https://d0756a54092386522651ec5c4573f6bf.org/
    Remote address:
    188.40.187.129:443
    Request
    POST / HTTP/2.0
    host: d0756a54092386522651ec5c4573f6bf.org
    cache-control: no-cache
    packets-sent: 4667942513
    content-type: application/octet-stream; charset=utf-8
    content-length: 8351
    accept-encoding: gzip
    user-agent: okhttp/4.12.0
    Response
    HTTP/2.0 404
    content-type: text/plain; charset=utf-8
    x-content-type-options: nosniff
    content-length: 19
    date: Mon, 20 Jan 2025 13:35:15 GMT
  • flag-us
    DNS
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    Remote address:
    1.1.1.1:53
    Request
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    IN A
    Response
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    IN A
    104.131.68.180
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    IN A
    178.62.201.34
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    IN A
    45.77.249.79
  • flag-us
    POST
    https://8b230a871b7f1ff2a1ad9f9c07d6e67a.info/
    Remote address:
    104.131.68.180:443
    Request
    POST / HTTP/2.0
    host: 8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    cache-control: no-cache
    packets-sent: 4667942513
    content-type: application/octet-stream; charset=utf-8
    content-length: 8351
    accept-encoding: gzip
    user-agent: okhttp/4.12.0
    Response
    HTTP/2.0 200
    content-length: 0
    date: Mon, 20 Jan 2025 13:35:16 GMT
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    172.217.169.8
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.204.78
  • flag-us
    POST
    https://8b230a871b7f1ff2a1ad9f9c07d6e67a.info/
    Remote address:
    104.131.68.180:443
    Request
    POST / HTTP/2.0
    host: 8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    cache-control: no-cache
    packets-sent: 6984891513
    content-type: application/octet-stream; charset=utf-8
    content-length: 8351
    accept-encoding: gzip
    user-agent: okhttp/4.12.0
    Response
    HTTP/2.0 200
    content-length: 0
    date: Mon, 20 Jan 2025 13:35:30 GMT
  • flag-us
    DNS
    g.tenor.com
    Remote address:
    1.1.1.1:53
    Request
    g.tenor.com
    IN A
    Response
    g.tenor.com
    IN CNAME
    tenor.googleapis.com
    tenor.googleapis.com
    IN A
    142.250.200.42
    tenor.googleapis.com
    IN A
    142.250.200.10
    tenor.googleapis.com
    IN A
    142.250.187.202
    tenor.googleapis.com
    IN A
    142.250.187.234
    tenor.googleapis.com
    IN A
    172.217.169.10
    tenor.googleapis.com
    IN A
    172.217.169.74
    tenor.googleapis.com
    IN A
    142.250.179.234
    tenor.googleapis.com
    IN A
    142.250.180.10
    tenor.googleapis.com
    IN A
    216.58.213.10
    tenor.googleapis.com
    IN A
    142.250.178.10
    tenor.googleapis.com
    IN A
    172.217.16.234
    tenor.googleapis.com
    IN A
    216.58.204.74
    tenor.googleapis.com
    IN A
    216.58.201.106
    tenor.googleapis.com
    IN A
    216.58.212.202
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.202
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.42
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    172.217.169.4
  • flag-us
    DNS
    mdh-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    mdh-pa.googleapis.com
    IN A
    Response
    mdh-pa.googleapis.com
    IN A
    216.58.212.234
    mdh-pa.googleapis.com
    IN A
    172.217.169.42
    mdh-pa.googleapis.com
    IN A
    142.250.200.42
    mdh-pa.googleapis.com
    IN A
    142.250.178.10
    mdh-pa.googleapis.com
    IN A
    172.217.169.10
    mdh-pa.googleapis.com
    IN A
    216.58.201.106
    mdh-pa.googleapis.com
    IN A
    216.58.213.10
    mdh-pa.googleapis.com
    IN A
    142.250.187.202
    mdh-pa.googleapis.com
    IN A
    142.250.179.234
    mdh-pa.googleapis.com
    IN A
    142.250.180.10
    mdh-pa.googleapis.com
    IN A
    172.217.169.74
    mdh-pa.googleapis.com
    IN A
    142.250.200.10
    mdh-pa.googleapis.com
    IN A
    142.250.187.234
    mdh-pa.googleapis.com
    IN A
    172.217.16.234
    mdh-pa.googleapis.com
    IN A
    216.58.204.74
  • flag-us
    DNS
    safebrowsing.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    safebrowsing.googleapis.com
    IN A
    Response
    safebrowsing.googleapis.com
    IN A
    142.250.187.234
  • flag-us
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    172.217.169.46
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    172.217.169.14
  • flag-us
    DNS
    growth-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    growth-pa.googleapis.com
    IN A
    Response
    growth-pa.googleapis.com
    IN A
    216.58.204.74
    growth-pa.googleapis.com
    IN A
    216.58.212.202
    growth-pa.googleapis.com
    IN A
    142.250.179.234
    growth-pa.googleapis.com
    IN A
    142.250.178.10
    growth-pa.googleapis.com
    IN A
    142.250.187.202
    growth-pa.googleapis.com
    IN A
    142.250.200.10
    growth-pa.googleapis.com
    IN A
    216.58.201.106
    growth-pa.googleapis.com
    IN A
    142.250.180.10
    growth-pa.googleapis.com
    IN A
    172.217.16.234
    growth-pa.googleapis.com
    IN A
    172.217.169.42
    growth-pa.googleapis.com
    IN A
    172.217.169.74
    growth-pa.googleapis.com
    IN A
    142.250.187.234
    growth-pa.googleapis.com
    IN A
    142.250.200.42
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    173.194.76.84
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    108.177.15.84
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.196
  • flag-us
    DNS
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    Remote address:
    1.1.1.1:53
    Request
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    IN A
    Response
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    IN A
    178.62.201.34
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    IN A
    104.131.68.180
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    IN A
    45.77.249.79
  • flag-us
    DNS
    i.ytimg.com
    Remote address:
    1.1.1.1:53
    Request
    i.ytimg.com
    IN A
    Response
    i.ytimg.com
    IN A
    142.250.179.246
    i.ytimg.com
    IN A
    142.250.187.246
    i.ytimg.com
    IN A
    172.217.16.246
    i.ytimg.com
    IN A
    142.250.200.22
    i.ytimg.com
    IN A
    142.250.200.54
    i.ytimg.com
    IN A
    216.58.212.214
    i.ytimg.com
    IN A
    172.217.169.22
    i.ytimg.com
    IN A
    216.58.201.118
    i.ytimg.com
    IN A
    216.58.204.86
    i.ytimg.com
    IN A
    216.58.212.246
    i.ytimg.com
    IN A
    216.58.213.22
    i.ytimg.com
    IN A
    142.250.180.22
    i.ytimg.com
    IN A
    172.217.169.86
    i.ytimg.com
    IN A
    142.250.178.22
    i.ytimg.com
    IN A
    142.250.187.214
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.42
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.228
  • 188.40.187.129:443
    https://d0756a54092386522651ec5c4573f6bf.org/
    tls, http2
    10.1kB
    3.1kB
    16
    18

    HTTP Request

    POST https://d0756a54092386522651ec5c4573f6bf.org/

    HTTP Response

    404
  • 104.131.68.180:443
    https://8b230a871b7f1ff2a1ad9f9c07d6e67a.info/
    tls, http2
    10.1kB
    2.0kB
    15
    16

    HTTP Request

    POST https://8b230a871b7f1ff2a1ad9f9c07d6e67a.info/

    HTTP Response

    200
  • 172.217.169.8:443
    ssl.google-analytics.com
    tls
    1.4kB
    6.3kB
    11
    10
  • 142.250.187.206:443
    tls, https
    857 B
    40 B
    1
    1
  • 216.58.204.78:443
    android.apis.google.com
    tls
    2.0kB
    6.1kB
    11
    12
  • 104.131.68.180:443
    https://8b230a871b7f1ff2a1ad9f9c07d6e67a.info/
    tls, http2
    10.1kB
    2.0kB
    15
    16

    HTTP Request

    POST https://8b230a871b7f1ff2a1ad9f9c07d6e67a.info/

    HTTP Response

    200
  • 172.217.16.238:443
    520 B
    10
  • 142.250.179.226:443
    520 B
    10
  • 142.250.180.4:443
    520 B
    10
  • 142.250.187.227:443
    520 B
    10
  • 142.250.187.227:443
    520 B
    10
  • 142.250.187.227:443
    520 B
    10
  • 173.194.76.188:5228
    468 B
    9
  • 216.239.36.223:443
    520 B
    10
  • 216.239.36.223:443
    520 B
    10
  • 142.250.200.42:443
    g.tenor.com
    tls
    1.8kB
    8.1kB
    13
    15
  • 142.250.187.202:443
    semanticlocation-pa.googleapis.com
    tls
    1.9kB
    6.0kB
    14
    12
  • 172.217.169.4:443
    www.google.com
    tls
    10.3kB
    12.3kB
    40
    46
  • 172.217.169.4:443
    www.google.com
    tls
    1.0kB
    5.1kB
    9
    8
  • 216.58.204.78:443
    android.apis.google.com
    tls
    6.1kB
    9.6kB
    25
    24
  • 104.131.68.180:443
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    tls
    10.1kB
    1.9kB
    15
    15
  • 104.131.68.180:443
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    tls
    10.2kB
    1.6kB
    16
    17
  • 104.131.68.180:443
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    tls
    10.1kB
    2.1kB
    15
    19
  • 142.250.180.14:443
    www.youtube.com
    tls
    2.0kB
    8.4kB
    16
    16
  • 216.58.204.74:443
    growth-pa.googleapis.com
    tls
    2.2kB
    5.8kB
    16
    15
  • 108.177.15.84:443
    accounts.google.com
    tls
    2.0kB
    7.5kB
    17
    17
  • 104.131.68.180:443
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    tls
    10.0kB
    1.9kB
    14
    14
  • 142.250.187.196:443
    www.google.com
    tls
    1.4kB
    5.5kB
    11
    12
  • 178.62.201.34:443
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    tls
    10.1kB
    1.9kB
    15
    15
  • 142.250.178.10:443
    semanticlocation-pa.googleapis.com
    tls
    1.7kB
    5.9kB
    11
    11
  • 142.250.179.246:443
    i.ytimg.com
    tls
    1.5kB
    5.9kB
    12
    11
  • 142.250.187.206:443
    android.apis.google.com
    tls
    6.0kB
    9.5kB
    28
    27
  • 142.250.187.228:443
    www.google.com
    tls
    7.9kB
    7.3kB
    24
    28
  • 142.250.187.228:443
    www.google.com
    tls
    1.1kB
    5.1kB
    10
    7
  • 178.62.201.34:443
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    tls
    10.0kB
    1.8kB
    13
    12
  • 178.62.201.34:443
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    tls
    10.2kB
    2.1kB
    16
    18
  • 178.62.201.34:443
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    tls
    10.0kB
    2.0kB
    13
    16
  • 224.0.0.251:5353
    7.3kB
    24
  • 1.1.1.1:53
    84ece057f47629145b2ce8868523998a.com
    dns
    82 B
    155 B
    1
    1

    DNS Request

    84ece057f47629145b2ce8868523998a.com

  • 1.1.1.1:53
    d0756a54092386522651ec5c4573f6bf.org
    dns
    82 B
    98 B
    1
    1

    DNS Request

    d0756a54092386522651ec5c4573f6bf.org

    DNS Response

    188.40.187.129

  • 1.1.1.1:53
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    dns
    83 B
    131 B
    1
    1

    DNS Request

    8b230a871b7f1ff2a1ad9f9c07d6e67a.info

    DNS Response

    104.131.68.180
    178.62.201.34
    45.77.249.79

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    172.217.169.8

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.204.78

  • 1.1.1.1:53
    g.tenor.com
    dns
    57 B
    312 B
    1
    1

    DNS Request

    g.tenor.com

    DNS Response

    142.250.200.42
    142.250.200.10
    142.250.187.202
    142.250.187.234
    172.217.169.10
    172.217.169.74
    142.250.179.234
    142.250.180.10
    216.58.213.10
    142.250.178.10
    172.217.16.234
    216.58.204.74
    216.58.201.106
    216.58.212.202

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
    336 B
    1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.187.202
    216.58.212.234
    216.58.201.106
    142.250.200.10
    172.217.16.234
    142.250.187.234
    172.217.169.74
    216.58.212.202
    172.217.169.42
    216.58.213.10
    216.58.204.74
    142.250.179.234
    142.250.180.10
    142.250.200.42
    142.250.178.10
    172.217.169.10

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    172.217.169.4

  • 172.217.169.4:443
    www.google.com
    https
    1.5kB
    49 B
    2
    1
  • 1.1.1.1:53
    mdh-pa.googleapis.com
    dns
    67 B
    307 B
    1
    1

    DNS Request

    mdh-pa.googleapis.com

    DNS Response

    216.58.212.234
    172.217.169.42
    142.250.200.42
    142.250.178.10
    172.217.169.10
    216.58.201.106
    216.58.213.10
    142.250.187.202
    142.250.179.234
    142.250.180.10
    172.217.169.74
    142.250.200.10
    142.250.187.234
    172.217.16.234
    216.58.204.74

  • 1.1.1.1:53
    safebrowsing.googleapis.com
    dns
    73 B
    89 B
    1
    1

    DNS Request

    safebrowsing.googleapis.com

    DNS Response

    142.250.187.234

  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
    351 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response

    142.250.180.14
    142.250.200.14
    142.250.200.46
    142.250.179.238
    172.217.169.78
    216.58.204.78
    216.58.201.110
    142.250.178.14
    216.58.212.206
    172.217.16.238
    216.58.213.14
    142.250.187.238
    216.58.212.238
    172.217.169.46
    142.250.187.206
    172.217.169.14

  • 142.250.180.14:443
    www.youtube.com
    https
    1.5kB
    49 B
    2
    1
  • 1.1.1.1:53
    growth-pa.googleapis.com
    dns
    70 B
    278 B
    1
    1

    DNS Request

    growth-pa.googleapis.com

    DNS Response

    216.58.204.74
    216.58.212.202
    142.250.179.234
    142.250.178.10
    142.250.187.202
    142.250.200.10
    216.58.201.106
    142.250.180.10
    172.217.16.234
    172.217.169.42
    172.217.169.74
    142.250.187.234
    142.250.200.42

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    173.194.76.84

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    108.177.15.84

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.196

  • 1.1.1.1:53
    8b230a871b7f1ff2a1ad9f9c07d6e67a.info
    dns
    83 B
    131 B
    1
    1

    DNS Request

    8b230a871b7f1ff2a1ad9f9c07d6e67a.info

    DNS Response

    178.62.201.34
    104.131.68.180
    45.77.249.79

  • 1.1.1.1:53
    i.ytimg.com
    dns
    57 B
    297 B
    1
    1

    DNS Request

    i.ytimg.com

    DNS Response

    142.250.179.246
    142.250.187.246
    172.217.16.246
    142.250.200.22
    142.250.200.54
    216.58.212.214
    172.217.169.22
    216.58.201.118
    216.58.204.86
    216.58.212.246
    216.58.213.22
    142.250.180.22
    172.217.169.86
    142.250.178.22
    142.250.187.214

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
    304 B
    1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.178.10
    216.58.212.234
    172.217.169.42
    216.58.201.106
    216.58.204.74
    142.250.187.234
    142.250.200.10
    142.250.179.234
    172.217.169.74
    142.250.187.202
    172.217.169.10
    142.250.200.42
    142.250.180.10
    172.217.16.234

  • 142.250.179.246:443
    i.ytimg.com
    https
    1.5kB
    49 B
    2
    1
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.228

  • 142.250.187.228:443
    www.google.com
    https
    1.5kB
    49 B
    2
    1
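The three non-Google domains in this trace share one shape (32 hex characters plus a TLD), and every C2 POST has the same fingerprint: POST to "/", an application/octet-stream body of 8351 bytes, an okhttp user-agent and a non-standard packets-sent header. The .org domain answered 404; the .info domain, which is also the C2 in the extracted config, answered 200 across several connections to 104.131.68.180 and 178.62.201.34. The Python below is an added triage example written for this page, not tria.ge code. The domain-shape regex and the beacon fingerprint are heuristics derived from this single report, and the DNS and HTTP records are transcribed from the sections above; nothing else is assumed.

```python
"""Triage helper for the C2 traffic in this report (added example, not tria.ge code)."""
from __future__ import annotations

import json
import re
from urllib.parse import urlparse

# 32 lowercase hex characters followed by a TLD: the shape of all three
# non-Google domains this sample contacted. Heuristic from this report only,
# not a published Octo DGA rule, so treat matches as pivots, not verdicts.
HASH_LABEL_RE = re.compile(r"^[0-9a-f]{32}\.[a-z]{2,}$")


def looks_like_hash_domain(name: str) -> bool:
    return bool(HASH_LABEL_RE.match(name.lower().rstrip(".")))


def is_octo_like_beacon(req: dict) -> bool:
    """Fingerprint of the POSTs above: POST "/", raw octet-stream body,
    okhttp client, plus the non-standard packets-sent header."""
    h = {k.lower(): v for k, v in req["headers"].items()}
    return (
        req["method"] == "POST"
        and req["path"] == "/"
        and h.get("content-type", "").startswith("application/octet-stream")
        and h.get("user-agent", "").startswith("okhttp/")
        and "packets-sent" in h
    )


def triage(config_c2: str, dns: list[dict], http: list[dict]) -> dict:
    """Cross-check the extracted config C2 against observed DNS/HTTP records."""
    cfg_host = urlparse(config_c2).hostname
    infra: dict[str, set[str]] = {}
    for rec in dns:
        if looks_like_hash_domain(rec["name"]):
            # A hash-shaped name with no answer (84ece057... here) is still an IOC.
            infra.setdefault(rec["name"], set()).update(rec["answers"])
    status_by_host: dict[str, set[int]] = {}
    for r in http:
        if is_octo_like_beacon(r):
            status_by_host.setdefault(r["host"], set()).add(r["status"])
    return {
        "config_c2_host": cfg_host,
        "config_c2_seen_in_traffic": cfg_host in status_by_host,
        "hash_style_domains": {d: sorted(ips) for d, ips in infra.items()},
        "beacon_status": {h: sorted(s) for h, s in status_by_host.items()},
        # A 404 does not clear a host (fallback, sinkhole, parked); a 200 to a
        # 8351-byte opaque POST is the live channel.
        "accepting_beacons": sorted(h for h, s in status_by_host.items() if 200 in s),
    }


def _beacon(host: str, status: int, packets_sent: str) -> dict:
    return {
        "method": "POST", "path": "/", "host": host, "status": status,
        "headers": {
            "cache-control": "no-cache",
            "packets-sent": packets_sent,
            "content-type": "application/octet-stream; charset=utf-8",
            "content-length": "8351",
            "accept-encoding": "gzip",
            "user-agent": "okhttp/4.12.0",
        },
    }


# Records transcribed from the DNS and HTTP sections of this report.
CONFIG_C2 = "https://8b230a871b7f1ff2a1ad9f9c07d6e67a.info"
DNS_RECORDS = [
    {"name": "84ece057f47629145b2ce8868523998a.com", "answers": []},
    {"name": "d0756a54092386522651ec5c4573f6bf.org", "answers": ["188.40.187.129"]},
    {"name": "8b230a871b7f1ff2a1ad9f9c07d6e67a.info",
     "answers": ["104.131.68.180", "178.62.201.34", "45.77.249.79"]},
    {"name": "ssl.google-analytics.com", "answers": ["172.217.169.8"]},
    {"name": "android.apis.google.com", "answers": ["216.58.204.78"]},
]
HTTP_RECORDS = [
    _beacon("d0756a54092386522651ec5c4573f6bf.org", 404, "4667942513"),
    _beacon("8b230a871b7f1ff2a1ad9f9c07d6e67a.info", 200, "4667942513"),
    _beacon("8b230a871b7f1ff2a1ad9f9c07d6e67a.info", 200, "6984891513"),
]

if __name__ == "__main__":
    print(json.dumps(triage(CONFIG_C2, DNS_RECORDS, HTTP_RECORDS), indent=2))
```

Feed the same functions a real DNS/HTTP export and the output separates the config-confirmed C2 from hash-shaped siblings that never answered. The regex will also match legitimate hash-named hosts, so use it to pivot in hunting and block on the confirmed hosts and the resolved IPs, not on the pattern alone.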

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.nstar5machinemodules/.global.com.nstar5machinemodules

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/data/com.nstar5machinemodules/files/.m

    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

  • /data/data/com.nstar5machinemodules/oat/x86_64/Anonymous-DexFile@3065293005.vdex

    Filesize

    167B

    MD5

    f5887377d3ab72ecb8496a054394a36c

    SHA1

    7830ebb71feb3a36a1d23936863a8fb25b180390

    SHA256

    8f2c3671bac39fcdbad998f3a28ed04df89c521d4194a8e7e2b8c166abe9fe39

    SHA512

    8bec063108da1668401fff373ee7d5a920acfc5683b5082313a57a955691aa5ff477b2d65f7837780704bf21a1096ddc3193bcda948f17dc604d1eac92e3b7e6

  • /data/user/0/com.nstar5machinemodules/Anonymous-DexFile@3065293005.jar

    Filesize

    526KB

    MD5

    0ca0ac7aaa3bdf2153febb80fc2318aa

    SHA1

    7dd749da58a973266c035aefb762dc9c0d7b42e3

    SHA256

    87df9c07bdd2706460228a00c7dc5bf75493d89b8606506f93c24e21aa7e8ee3

    SHA512

    4f4efd3a13771b5442c949f4cc1fb2baf20e76653968f2bd1b62bb6a141f69ef13c2de4d5fb4170b3f2fdc29e2d9e0fb4ce90e9e6c662e9443070d998b194a7b
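The Signatures section reports "Loads dropped Dex/Jar", and the list above shows the payload that was loaded: Anonymous-DexFile@3065293005.jar (526KB) under /data/user/0/com.nstar5machinemodules/, with its oat/vdex residue beside it. As an added example, not tria.ge's own signature logic, the Python below parses a DEX string table directly (string_ids at header offset 0x38, each entry pointing at a uleb128-prefixed MUTF-8 string) and reports which class descriptors behind the listed signatures are present. The indicator table, build_test_dex and SAMPLE_DEX are constructions for this page. Because this sample is a dropper, the outer APK can come back nearly clean; the descriptors live in the dropped file, so scan that as well.

```python
"""Static indicator scan of DEX string tables (added example, not tria.ge code)."""
from __future__ import annotations

import struct
import zipfile

# Class descriptors whose presence corresponds to the behaviours listed in
# the Signatures section. Constructed mapping for this page; a runtime
# signature can fire without a static hit when the code is reflective.
INDICATORS = {
    "Loads dropped Dex/Jar": (
        "Ldalvik/system/DexClassLoader;",
        "Ldalvik/system/InMemoryDexClassLoader;",
        "Ldalvik/system/PathClassLoader;",
        "Ldalvik/system/DexFile;",
    ),
    "Accessibility service": ("Landroid/accessibilityservice/AccessibilityService;",),
    "Clipboard access": ("Landroid/content/ClipboardManager;",),
    "Wake lock": ("Landroid/os/PowerManager$WakeLock;",),
    "Crypto APIs": ("Ljavax/crypto/Cipher;",),
}


def _read_uleb128(buf: bytes, off: int) -> tuple[int, int]:
    value, shift = 0, 0
    while True:
        b = buf[off]
        off += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, off
        shift += 7


def dex_strings(buf: bytes) -> list[str]:
    """Walk string_ids -> string_data_item as laid out in the DEX format."""
    if buf[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    count, ids_off = struct.unpack_from("<II", buf, 0x38)
    out = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", buf, ids_off + 4 * i)
        _utf16_len, p = _read_uleb128(buf, data_off)
        end = buf.index(b"\x00", p)
        # MUTF-8 equals UTF-8 for the ASCII descriptors we match on.
        out.append(buf[p:end].decode("utf-8", "replace"))
    return out


def scan_dex(buf: bytes) -> dict[str, list[str]]:
    present = set(dex_strings(buf))
    hits = {}
    for label, needles in INDICATORS.items():
        found = sorted(n for n in needles if n in present)
        if found:
            hits[label] = found
    return hits


def scan_file(path: str) -> dict[str, dict[str, list[str]]]:
    """APK/JAR (zip): scan each classes*.dex. Bare .dex: scan it directly."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as z:
            return {n: scan_dex(z.read(n)) for n in z.namelist()
                    if n.startswith("classes") and n.endswith(".dex")}
    with open(path, "rb") as f:
        return {path: scan_dex(f.read())}


def _uleb128(n: int) -> bytes:
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        out.append((b | 0x80) if n else b)
        if not n:
            return bytes(out)


def build_test_dex(strings: list[str]) -> bytes:
    """Minimal DEX (header + string table only) so the scan runs offline."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<I", header, 0x24, 0x70)        # header_size
    struct.pack_into("<I", header, 0x28, 0x12345678)  # endian_tag
    ids_off = 0x70
    data_start = ids_off + 4 * len(strings)
    ids, data = bytearray(), bytearray()
    for s in strings:
        ids += struct.pack("<I", data_start + len(data))
        data += _uleb128(len(s)) + s.encode("utf-8") + b"\x00"
    struct.pack_into("<II", header, 0x38, len(strings), ids_off)
    struct.pack_into("<I", header, 0x20, len(header) + len(ids) + len(data))  # file_size
    return bytes(header) + bytes(ids) + bytes(data)


# Constructed stand-in for a dropped payload, not bytes from this sample.
SAMPLE_DEX = build_test_dex([
    "Ljava/lang/Object;",
    "Ldalvik/system/DexClassLoader;",
    "Landroid/content/ClipboardManager;",
    "Landroid/accessibilityservice/AccessibilityService;",
])

if __name__ == "__main__":
    for label, found in scan_dex(SAMPLE_DEX).items():
        print(f"{label}: {', '.join(found)}")
```

For a real triage, call scan_file on file.apk and again on the dropped Anonymous-DexFile@3065293005.jar pulled from the device or the sandbox; the difference between the two result sets is the capability the dropper hides from static review of the submitted APK.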
