Analysis

  • max time kernel
    576s
  • max time network
    603s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    26/01/2025, 18:57 UTC

General

  • Target

    https://www.mediafire.com/file/nudqui5lxmksqa7/Lyricify_1.4.3_by_xiaomicustom.apk/file

Score
1/10

Malware Config

Signatures

Processes

  • com.android.chrome (PID:4900)
    • Checks CPU information
    • Checks memory information

Network

  • DNS (AU)
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    74.125.133.84
  • DNS (AU)
    www.mediafire.com
    Remote address:
    1.1.1.1:53
    Request
    www.mediafire.com
    IN A
    Response
    www.mediafire.com
    IN A
    104.17.150.117
    www.mediafire.com
    IN A
    104.17.151.117
  • DNS (AU)
    the.gatekeeperconsent.com
    Remote address:
    1.1.1.1:53
    Request
    the.gatekeeperconsent.com
    IN A
    Response
    the.gatekeeperconsent.com
    IN A
    104.21.42.32
    the.gatekeeperconsent.com
    IN A
    172.67.199.186
  • DNS (AU)
    static.mediafire.com
    Remote address:
    1.1.1.1:53
    Request
    static.mediafire.com
    IN A
    Response
    static.mediafire.com
    IN A
    104.17.150.117
    static.mediafire.com
    IN A
    104.17.151.117
  • DNS (AU)
    static.cloudflareinsights.com
    Remote address:
    1.1.1.1:53
    Request
    static.cloudflareinsights.com
    IN A
    Response
    static.cloudflareinsights.com
    IN A
    104.16.80.73
    static.cloudflareinsights.com
    IN A
    104.16.79.73
  • DNS (AU)
    privacy.gatekeeperconsent.com
    Remote address:
    1.1.1.1:53
    Request
    privacy.gatekeeperconsent.com
    IN A
    Response
    privacy.gatekeeperconsent.com
    IN A
    104.21.42.32
    privacy.gatekeeperconsent.com
    IN A
    172.67.199.186
  • DNS (AU)
    cdn.amplitude.com
    Remote address:
    1.1.1.1:53
    Request
    cdn.amplitude.com
    IN A
    Response
    cdn.amplitude.com
    IN A
    18.154.84.124
    cdn.amplitude.com
    IN A
    18.154.84.60
    cdn.amplitude.com
    IN A
    18.154.84.20
    cdn.amplitude.com
    IN A
    18.154.84.84
  • DNS (AU)
    sandbox.mediafire.com
    Remote address:
    1.1.1.1:53
    Request
    sandbox.mediafire.com
    IN A
    Response
    sandbox.mediafire.com
    IN A
    104.17.151.117
    sandbox.mediafire.com
    IN A
    104.17.150.117
  • DNS (AU)
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.200.8
  • DNS (AU)
    clients1.google.com
    Remote address:
    1.1.1.1:53
    Request
    clients1.google.com
    IN A
    Response
    clients1.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.200.14
  • DNS (AU)
    api.amplitude.com
    Remote address:
    1.1.1.1:53
    Request
    api.amplitude.com
    IN A
    Response
    api.amplitude.com
    IN A
    44.236.228.226
    api.amplitude.com
    IN A
    44.225.234.85
    api.amplitude.com
    IN A
    52.38.179.198
    api.amplitude.com
    IN A
    52.26.141.115
    api.amplitude.com
    IN A
    34.218.178.30
    api.amplitude.com
    IN A
    52.25.4.214
    api.amplitude.com
    IN A
    52.33.171.48
    api.amplitude.com
    IN A
    34.218.105.82
  • DNS (AU)
    region1.analytics.google.com
    Remote address:
    1.1.1.1:53
    Request
    region1.analytics.google.com
    IN A
    Response
    region1.analytics.google.com
    IN A
    216.239.32.36
    region1.analytics.google.com
    IN A
    216.239.34.36
  • DNS (AU)
    stats.g.doubleclick.net
    Remote address:
    1.1.1.1:53
    Request
    stats.g.doubleclick.net
    IN A
    Response
    stats.g.doubleclick.net
    IN A
    64.233.167.155
    stats.g.doubleclick.net
    IN A
    64.233.167.156
    stats.g.doubleclick.net
    IN A
    64.233.167.154
    stats.g.doubleclick.net
    IN A
    64.233.167.157
  • DNS (AU)
    www.google.co.uk
    Remote address:
    1.1.1.1:53
    Request
    www.google.co.uk
    IN A
  • DNS (AU)
    www.google.co.uk
    Remote address:
    1.1.1.1:53
    Request
    www.google.co.uk
    IN A
    Response
    www.google.co.uk
    IN A
    172.217.16.227
  • DNS (AU)
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
    Response
    update.googleapis.com
    IN A
    172.217.169.67
  • POST (GB)
    https://update.googleapis.com/service/update2
    Remote address:
    172.217.169.67:443
    Request
    POST /service/update2 HTTP/1.1
    Content-Length: 657
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: update.googleapis.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Security-Policy: script-src 'report-sample' 'none';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sun, 26 Jan 2025 18:57:54 GMT
    Content-Type: text/xml; charset=UTF-8
    X-Daynum: 6600
    X-Daystart: 39474
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • DNS (AU)
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • DNS (AU)
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
    Response
    update.googleapis.com
    IN A
    142.250.180.3
  • 74.125.133.84:443
    accounts.google.com
    tls
    2.0kB
    7.3kB
    17
    14
  • 104.17.150.117:443
    www.mediafire.com
    tls
    28.1kB
    229.2kB
    181
    244
  • 104.17.150.117:443
    www.mediafire.com
    tls
    1.1kB
    6.3kB
    9
    8
  • 104.21.42.32:443
    the.gatekeeperconsent.com
    tls
    3.4kB
    47.3kB
    43
    50
  • 104.16.80.73:443
    static.cloudflareinsights.com
    tls
    1.9kB
    11.4kB
    16
    22
  • 104.21.42.32:443
    privacy.gatekeeperconsent.com
    tls
    1.8kB
    4.3kB
    14
    12
  • 18.154.84.124:443
    cdn.amplitude.com
    tls
    2.3kB
    29.5kB
    24
    30
  • 142.250.200.8:443
    ssl.google-analytics.com
    tls
    1.5kB
    6.4kB
    12
    11
  • 142.250.200.14:443
    clients1.google.com
    tls
    1.8kB
    8.4kB
    15
    15
  • 44.236.228.226:443
    api.amplitude.com
    tls
    6.5kB
    6.6kB
    19
    16
  • 216.239.32.36:443
    region1.analytics.google.com
    tls
    2.2kB
    6.8kB
    13
    14
  • 64.233.167.155:443
    stats.g.doubleclick.net
    tls
    1.9kB
    6.4kB
    14
    14
  • 172.217.16.227:443
    www.google.co.uk
    tls
    2.0kB
    6.2kB
    14
    16
  • 172.217.169.67:443
    https://update.googleapis.com/service/update2
    tls, http
    2.3kB
    6.7kB
    13
    10

    HTTP Request

    POST https://update.googleapis.com/service/update2

    HTTP Response

    200
  • 142.250.180.14:443
    tls, https
    857 B
    40 B
    1
    1
  • 142.250.187.206:443
    android.apis.google.com
    tls
    6.6kB
    10.3kB
    19
    30
  • 172.217.16.228:443
    tls, https
    429 B
    40 B
    2
    1
  • 172.217.16.228:443
    www.google.com
    tls
    8.4kB
    10.7kB
    27
    39
  • 216.58.213.10:443
    tls, https
    1.2kB
    40 B
    1
    1
  • 142.250.200.34:443
    tls
    135 B
    40 B
    2
    1
  • 216.58.201.99:443
    tls, https
    128 B
    40 B
    2
    1
  • 216.58.201.99:443
    tls, https
    128 B
    40 B
    2
    1
  • 216.58.201.99:443
    tls, https
    128 B
    40 B
    2
    1
  • 142.250.180.3:443
    update.googleapis.com
    tls
    5.4kB
    9.3kB
    23
    29
  • 142.250.179.238:443
    520 B
    10
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    74.125.133.84

  • 1.1.1.1:53
    www.mediafire.com
    dns
    63 B
    95 B
    1
    1

    DNS Request

    www.mediafire.com

    DNS Response

    104.17.150.117
    104.17.151.117

  • 1.1.1.1:53
    the.gatekeeperconsent.com
    dns
    71 B
    103 B
    1
    1

    DNS Request

    the.gatekeeperconsent.com

    DNS Response

    104.21.42.32
    172.67.199.186

  • 1.1.1.1:53
    static.mediafire.com
    dns
    66 B
    98 B
    1
    1

    DNS Request

    static.mediafire.com

    DNS Response

    104.17.150.117
    104.17.151.117

  • 1.1.1.1:53
    static.cloudflareinsights.com
    dns
    75 B
    107 B
    1
    1

    DNS Request

    static.cloudflareinsights.com

    DNS Response

    104.16.80.73
    104.16.79.73

  • 1.1.1.1:53
    privacy.gatekeeperconsent.com
    dns
    75 B
    107 B
    1
    1

    DNS Request

    privacy.gatekeeperconsent.com

    DNS Response

    104.21.42.32
    172.67.199.186

  • 1.1.1.1:53
    cdn.amplitude.com
    dns
    63 B
    127 B
    1
    1

    DNS Request

    cdn.amplitude.com

    DNS Response

    18.154.84.124
    18.154.84.60
    18.154.84.20
    18.154.84.84

  • 1.1.1.1:53
    sandbox.mediafire.com
    dns
    67 B
    99 B
    1
    1

    DNS Request

    sandbox.mediafire.com

    DNS Response

    104.17.151.117
    104.17.150.117

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.200.8

  • 1.1.1.1:53
    clients1.google.com
    dns
    65 B
    105 B
    1
    1

    DNS Request

    clients1.google.com

    DNS Response

    142.250.200.14

  • 1.1.1.1:53
    api.amplitude.com
    dns
    63 B
    191 B
    1
    1

    DNS Request

    api.amplitude.com

    DNS Response

    44.236.228.226
    44.225.234.85
    52.38.179.198
    52.26.141.115
    34.218.178.30
    52.25.4.214
    52.33.171.48
    34.218.105.82

  • 1.1.1.1:53
    region1.analytics.google.com
    dns
    74 B
    106 B
    1
    1

    DNS Request

    region1.analytics.google.com

    DNS Response

    216.239.32.36
    216.239.34.36

  • 1.1.1.1:53
    stats.g.doubleclick.net
    dns
    69 B
    133 B
    1
    1

    DNS Request

    stats.g.doubleclick.net

    DNS Response

    64.233.167.155
    64.233.167.156
    64.233.167.154
    64.233.167.157

  • 1.1.1.1:53
    www.google.co.uk
    dns
    62 B
    1

    DNS Request

    www.google.co.uk

  • 1.1.1.1:53
    www.google.co.uk
    dns
    62 B
    78 B
    1
    1

    DNS Request

    www.google.co.uk

    DNS Response

    172.217.16.227

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
    83 B
    1
    1

    DNS Request

    update.googleapis.com

    DNS Response

    172.217.169.67

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
    83 B
    1
    1

    DNS Request

    update.googleapis.com

    DNS Response

    142.250.180.3

MITRE ATT&CK Mobile v15

Downloads

  • files/dom-0.html

    Filesize

    241KB

    MD5

    74abaeae7bc13dbff509106fdcbc4cdb

    SHA1

    f7a44579539425ef1d5ffd1dcc286799ef9dfe84

    SHA256

    e1d7f39692b1c4867f496e8faf1de9437dcd8934ac591aaf0bcb011b71b3635a

    SHA512

    462c5fca642dd44412f3575aa14d68123921339deeee56f68ad5fdd92e4547ab0047cc09d6f1798465b265efe284f93ca91942193c4a83af8306067df54d05bb
