Overview

overview

10

Static

static

10

92c3337b3d...3c.apk

android-9-x86

7

92c3337b3d...3c.apk

android-13-x64

7

Analysis

  • max time kernel
    17s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    01/02/2025, 02:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c.apk

  • Size

    3.6MB

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score
7/10
bankerdiscovery

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery

Processes

  • com.systemservice
    1⤵
    • Acquires the wake lock
    • Queries information about active data network
    PID:4341

Network

  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • flag-au
    DNS
    protocol-a100.phoneparental.com
    Remote address:
    1.1.1.1:53
    Request
    protocol-a100.phoneparental.com
    IN A
    Response
    protocol-a100.phoneparental.com
    IN A
    104.21.16.1
    protocol-a100.phoneparental.com
    IN A
    104.21.112.1
    protocol-a100.phoneparental.com
    IN A
    104.21.48.1
    protocol-a100.phoneparental.com
    IN A
    104.21.96.1
    protocol-a100.phoneparental.com
    IN A
    104.21.32.1
    protocol-a100.phoneparental.com
    IN A
    104.21.64.1
    protocol-a100.phoneparental.com
    IN A
    104.21.80.1
  • flag-us
    GET
    http://protocol-a100.phoneparental.com/protocols/get-brand-info.aspx?brand_info=tts
    Remote address:
    104.21.16.1:80
    Request
    GET /protocols/get-brand-info.aspx?brand_info=tts HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 13; sdk_gphone_x86_64 Build/TE1A.220922.033)
    Host: protocol-a100.phoneparental.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Sat, 01 Feb 2025 02:30:09 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: private
    Vary: Accept-Encoding
    Set-Cookie: ASP.NET_SessionId=tjxvm05gm1ibaieiia503h1e; path=/; HttpOnly; SameSite=Lax
    X-AspNetMvc-Version: 5.2
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z5iLUaWFvdChX7vDDBsjOG%2F%2BvTWDPgWRVyDwoVK%2FsLJNDR6Ht9bvoen%2BVP9tEbz54UtMPOIehH9cf%2FG5sNSRIJ1QWal0a9L4X1e0Q0HuYofaO6VzVAoooRHLobBnTPHevgnGbT9QY6Vii589YM1YPAac"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 90ae84969a46f2e8-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=39181&min_rtt=39181&rtt_var=19590&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=238&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-au
    DNS
    rcs-acs-tmo-us.jibe.google.com
    Remote address:
    1.1.1.1:53
    Request
    rcs-acs-tmo-us.jibe.google.com
    IN A
    Response
    rcs-acs-tmo-us.jibe.google.com
    IN A
    216.239.36.155
  • flag-au
    DNS
    remoteprovisioning.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    remoteprovisioning.googleapis.com
    IN A
    Response
    remoteprovisioning.googleapis.com
    IN A
    172.217.169.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.187.234
    remoteprovisioning.googleapis.com
    IN A
    142.250.187.202
    remoteprovisioning.googleapis.com
    IN A
    142.250.200.42
    remoteprovisioning.googleapis.com
    IN A
    142.250.179.234
    remoteprovisioning.googleapis.com
    IN A
    172.217.169.74
    remoteprovisioning.googleapis.com
    IN A
    216.58.201.106
    remoteprovisioning.googleapis.com
    IN A
    216.58.204.74
    remoteprovisioning.googleapis.com
    IN A
    142.250.180.10
    remoteprovisioning.googleapis.com
    IN A
    216.58.212.234
    remoteprovisioning.googleapis.com
    IN A
    172.217.169.42
    remoteprovisioning.googleapis.com
    IN A
    172.217.16.234
    remoteprovisioning.googleapis.com
    IN A
    142.250.178.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.200.10
  • 142.250.187.228:443
    www.google.com
    tls
    971 B
     4.6kB
     8
    6
  • 142.250.187.206:443
    android.apis.google.com
    tls
    3.3kB
     7.0kB
     14
    13
  • 104.21.16.1:80
    http://protocol-a100.phoneparental.com/protocols/get-brand-info.aspx?brand_info=tts
    http
    506 B
     1.9kB
     5
    4

    HTTP Request

    GET http://protocol-a100.phoneparental.com/protocols/get-brand-info.aspx?brand_info=tts

    HTTP Response

    200
  • 216.58.212.206:443
    tls, https
    371 B
     40 B
     1
    1
  • 216.239.36.155:443
    rcs-acs-tmo-us.jibe.google.com
    tls
    1.5kB
     7.0kB
     11
    12
  • 142.250.187.238:443
    tls, https
    1.2kB
     40 B
     3
    1
  • 142.250.187.238:443
    android.apis.google.com
    tls
    2.9kB
     6.9kB
     18
    15
  • 172.217.169.10:443
    remoteprovisioning.googleapis.com
    tls
    3.5kB
     13.5kB
     15
    16
  • 162.159.61.3:443
    tls, https
    409 B
     40 B
     3
    1
  • 162.159.61.3:443
    chrome.cloudflare-dns.com
    tls
    2.0kB
     5.1kB
     16
    13
  • 142.250.200.3:443
    update.googleapis.com
    tls
    5.0kB
     10.7kB
     21
    18
  • 142.250.187.228:443
    www.google.com
    tls
    5.0kB
     16.7kB
     30
    33
  • 142.250.178.4:443
    tls, https
    327 B
     40 B
     2
    1
  • 142.250.178.4:443
    www.google.com
    tls
    1.9kB
     7.2kB
     17
    16
  • 142.250.187.228:443
    https
    144 B
     70 B
     1
    1
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

  • 1.1.1.1:53
    protocol-a100.phoneparental.com
    dns
    77 B
     189 B
     1
    1

    DNS Request

    protocol-a100.phoneparental.com

    DNS Response

    104.21.16.1
    104.21.112.1
    104.21.48.1
    104.21.96.1
    104.21.32.1
    104.21.64.1
    104.21.80.1

  • 1.1.1.1:53
    rcs-acs-tmo-us.jibe.google.com
    dns
    76 B
     92 B
     1
    1

    DNS Request

    rcs-acs-tmo-us.jibe.google.com

    DNS Response

    216.239.36.155

  • 1.1.1.1:53
    remoteprovisioning.googleapis.com
    dns
    79 B
     303 B
     1
    1

    DNS Request

    remoteprovisioning.googleapis.com

    DNS Response

    172.217.169.10
    142.250.187.234
    142.250.187.202
    142.250.200.42
    142.250.179.234
    172.217.169.74
    216.58.201.106
    216.58.204.74
    142.250.180.10
    216.58.212.234
    172.217.169.42
    172.217.16.234
    142.250.178.10
    142.250.200.10

  • 162.159.61.3:443
    https
    3.4kB
     4.9kB
     10
    11
  • 142.250.200.3:443
    https
    24.5kB
     15.7kB
     60
    76
  • 142.250.187.228:443
    https
    4.8kB
     10.1kB
     31
    27

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events
    Filesize

    56KB

    MD5

    388c0ac5c6970ecd264d65052142c297

    SHA1

    d727a4e68dc309a94c3b895aa8d6ae733f84db4c

    SHA256

    487bb93b305dadcc8ec9875ae132dbb90d15fd7c82857ec5b77d548bb49f4722

    SHA512

    746ace37662d3b0874ba039aba5b6a8caaebd05c947ebcd4d7256a9dbcbd225725b1904c4f14e44fb8f0b110c2f8d08a9db1b4b4f97cdf1a9e17d3f7861bdd89

    Download Submit

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    8e11ab17cf0949a75cb2f88a3bf6cde1

    SHA1

    a45414bcf74fa8e8c1ca9b733d85e1bec61518bd

    SHA256

    7d80ba831fd65ccd815c607f77c09b9c74c851f98a3c562cd2664504d21f5028

    SHA512

    6457d13de62de41dd46a696365cac42a9eb88b7bad7ac6c970a3cd6fcc5c3873c3ed09f082d8191ac9e65df42fcfb8c054a2bebc3fa13ad67f2e64f20253cffc

    Download Submit

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    ba357a16b02d09287e8cb37def7ac770

    SHA1

    234433b6811239b5b860a27d5576de68f955aa56

    SHA256

    46e908695b42cfb0ca424a538bf2fb4d6a0121287d0ab04891df557e0c235614

    SHA512

    b2412f745b00761357ee11e2efc81f54bf483a99a34e982e7932634c376af35270af4d1258e61c5e4e7bc2244e5ee108c284056d8aa15988ef3d0135d8b2042d

    Download Submit

  • /data/data/com.systemservice/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    83df7e288050f8fdbbfec74874e8f9f2

    SHA1

    cfb90e8b109b8a606b92c4e118afae1a9ac58238

    SHA256

    f086a0d7e77d1264ef42fbb62813cd4327b694adbb707b164966db9ecc8f40ec

    SHA512

    7a96396fb87e53032e1cddf0bcd347d02867fb9a4351a2561bda607bca7e21c490d0c56802af8915d0ab36600a5f253c2d91daaa57450eb5a75edb6b3f58a47e

    Download Submit

  • /data/data/com.systemservice/databases/core.db
    Filesize

    36KB

    MD5

    045489a0639eee27bca52f48828cd93d

    SHA1

    436e7966e7c019273c44faa4d8c5709b816dfda3

    SHA256

    0151eae0eec786abb19ab59d7361b3291ae98411fae12cbbdfecd1612e16996e

    SHA512

    c8739a723a8648b0e380b946a97fb6cd83d6c4769ec3679bf4bc003ad0049ff5cccfc8f75a6ea272feced0020b13d3129f792f0f22cf442f0d0127f399eba22e

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    62ad4a05cbdca7f47b3206b7dbda487f

    SHA1

    4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

    SHA256

    18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

    SHA512

    0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    8ee50fbead78226bdf914f74e4698676

    SHA1

    88b3356b43d6a8e34e1835126c7edb0f1eed9fef

    SHA256

    eb47631529e9bd14a36dcb71d060dd14582d09e48b3cc57b443ab0e457de22df

    SHA512

    635647caa20224e831db58a0f2b23a23dd44ae2e840b54fa842124b4490fe9d6b9a4506f495df57c52424a78ae86a0dbe956512796d88ce5105a54817de0c2fa

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    4507ac85718464b4c8461e8859e6cb63

    SHA1

    5c7511d49d4b39d9c0c01cd7bdfc3571a73c3188

    SHA256

    6af3ef26d665f1cdfadaf1639ee6a382a7a853b58c56b917f6b132f495b0e988

    SHA512

    6926e78068423eaa53ddb6df777ce3a7684d1e67caba783576fed0564843ba7ed29026910b514b047f839403e8a5fa4f96c076d854a97e298e0bab30285ae067

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    8ac247dbc986e901402efcb867e805d0

    SHA1

    a5e890a450b8f72eadab7be511c87b8388e03eb4

    SHA256

    56c6b03a29b24e714164408292b37d1596cb34b4714dcfc899caf4c2eefe31f3

    SHA512

    1c5e897cfdde378fd414b67f34453dee45f33e068787d56d69d4d59908e56756c5bfd1cc13f76fd6e1976ebdb078c888051f83804ea9a11e8aa9ac23f7bdf3c5

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    4aefb6a6627f602a4d9131c47993a21d

    SHA1

    4ba00431d8b8bf9f46765ef6c0eba8715d0e688c

    SHA256

    0e6fd772c6c8a6e9f6ad5c577c38278e2a02f9a28343e9744e9099d42f12e9d2

    SHA512

    41c9b0b9422039ba883559f54445384bf03e3c4b4f8812adf4088dc223f827275b7ad76b62742a63e232cf69c5e0f7de034e91e58b1b20ada7eb989d78027dc1

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    e3f13c7d7678604e5b293f6672bc0ed1

    SHA1

    b16c998ac7ca1db79cd4983b207a292ac1d96e21

    SHA256

    486eb5bec4ec277ea7b334a0d0e431e5e62881d3462903e8294640edbe96b2e3

    SHA512

    b63bab85a373912587e78dfc9daf8b4168a223c7af08fb87de8140d66b9f35042052d2d25694e4ea7c9f2064107e5471318b6dcec39c4e3dc0aa352627fa09f4

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    512B

    MD5

    c7ce0fbef5cd53ce2a0170a24bb5afed

    SHA1

    ee1e63460dbfa83c0013b4da3bd80328050a1d03

    SHA256

    918fd1e8337f4e88add3edcd6863f564a34142f4de0f5e96b4662c050794cc3a

    SHA512

    ea04ac48fb62b9b6cd4884982fcd31e6c15da628d981d3dee229b37758820a2f11ad07d22bda3515520f947a413df7e1e3e5f7e9e32df618d3d7ea093636aab7

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    cabf1607490c545fe7c5e65c4a2533f9

    SHA1

    3bf85d638d1b4066a55b3614721d42310df5aaa8

    SHA256

    bb9e2155672b1b6916b1d46e4ee47f8e1a7c46d96f0c264fcbd70a19f318e7c1

    SHA512

    ec02e9872722ef052db2437480c7e4a72f526fc2be1357de4148748ae733d66317e8ab60a22adf5b90f26dddac0179b9c9aec96d4453f1dee0aeaab9b744554a

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    4KB

    MD5

    ad6882977e61c092360189255135289d

    SHA1

    6ab87a32eced221e943e98a65b326813902f43b4

    SHA256

    aad7f8f5ba56c0aeaf84091ca4270dd7300b06ce123a392f14bf5bada354c49f

    SHA512

    bb026386bbb1f23537c45e914a3b8479d3f1857097b8d286228c52e78775a7364b301ce56b30837f246ca9255546a053eb4e5c6da320d31b4f09e92274477ef4

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    7bb0a7523348c594199fb04b7644ef81

    SHA1

    1d3810b4154b79272f864e991ce30cc5c74df669

    SHA256

    6ee0098b4e10d6a830c5779a443eac061dffde5e4df5f00a32dd454026073f61

    SHA512

    8e02e75b6e0888b5a4772773ad54dd4e954ba328779bc051784db5af6d155d5a7390bb68f1f885b05f90c3a94289dc31270680f1802aba7fa82fa199a304cb7b

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    182aeb51173cab17834c1a029d0a72a7

    SHA1

    e7f9c9c28e21a5097b62c13cfea1c29f3d497498

    SHA256

    530f77fbadfebe11b3ead6c0592de0b8fb0d8f29e2da51ee5c05614aaf55ea54

    SHA512

    054d260b141f69f8b46cf1322d26b01f5d177915b6228d0704ca72f9fa541b93f671139be207e022c26ab94021bcb2472e197572a3bfe540f5b61826a33cb605

    Download Submit

  • /data/data/com.systemservice/databases/google_app_measurement_local.db-journal
    Filesize

    8KB

    MD5

    e68cce8e63e0f32f9d1ac49d3ef38ea7

    SHA1

    412c95490b8639785b5f8da94bd577a9d471e541

    SHA256

    f7a95f286a01b950770554fbeaa0a6d1df7912370a7aea9643695cf65c455f8e

    SHA512

    104183118942d9c7635fa58531a68e50aa4de9c72c5ccc80bb0173d61dd6320504df6f81c7a83f5570568cc18c19e5c53551de2084e29c2b1990fa75759ac4cf

    Download Submit

  • /data/data/com.systemservice/files/PersistedInstallation4761187357531879803tmp
    Filesize

    90B

    MD5

    d189594fd8965a6d3af1744b1ba46155

    SHA1

    c0fef5e84564db95fe92be2ba62b3694817bf001

    SHA256

    3f0aac8e2c4b82fdc086f1d2430c9d5d3730d8c3b6e24922d527586ac67d91a0

    SHA512

    8fefdbf21d1b050ecea4b0351f32308a5ea516dbd6f22340459b3f84db10db141d249a1531d008f54546049954687cdd192367923329321e5d9d43c0a193c374

    Download Submit

  • /data/data/com.systemservice/files/PersistedInstallation4812550861959105815tmp
    Filesize

    556B

    MD5

    6806e14da3e89a30fc9c95c176583096

    SHA1

    39a49da987c147678ecd4567f51ea41b71c41d1b

    SHA256

    2b91191f04d46baadf957b36b7b29ac8ff31dc9f86ee2640327dbe5860f2d7b1

    SHA512

    03d9a4de8b97db444d6695c3ce238acf4fff09914f5eacf2ef4e395064e80cc11aaaf02e3488790c5b1de7b50fa3f724fe4a7697a373c52718e8072935aff80b

    Download Submit

  • /data/data/com.systemservice/log/log4j.txt
    Filesize

    3KB

    MD5

    22f1c107d115ddce40d24f1943d4abb1

    SHA1

    93fcc5abb31c0c95d154f58c4e1c7e9c8a38a40c

    SHA256

    aa04adc1e6cbf13c09017cd1aaf2403f6f17615881b54eb550fe290cbcbe46ea

    SHA512

    ac56ea53a87e79b83b693a0e38ea3e3d6f00426205a6747fe3f6b44f67e343fb6690159b0a03f3448e17107316de04f15a451dde066480af177e7b9072c9e648

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.