Analysis

  • max time kernel
    127s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    24/02/2025, 10:24 UTC

General

  • Target

    TikTok18.apk

  • Size

    11.2MB

  • MD5

    f20e95261bf244f7b7c8df748fd7885d

  • SHA1

    2a5ceeaba1825ccc1c8cdaf86cd0fb6827c3f4f5

  • SHA256

    81c8136a260fff29b8e46a620cd1e8d6e88bd8b9f55e0cf8ee0ec952f5292804

  • SHA512

    e739a635a19efb641deb6645134084b3dea2ca8d665cd6c2103a10ed1b85b4a7e990aff6c60d76487ed4a23c3cdeb4db1da92d9b0e42987d674b1077bfd20f40

  • SSDEEP

    196608:veGPrPXn8o57/mOCq3LoFfret42buc+qiwh+siRjugUU55zmjeQM5QPYCy2LcD:ve2b8oN/tR3Lkry42bYqii+syjbUUvsM

Malware Config

Signatures

Processes

  • jueshv.ogktoc.afeufh
    1⤵
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Checks CPU information
    • Checks memory information
    PID:4490

Network

  • Country: AU
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.213.14
  • Country: AU
    DNS
    api.ipify.org
    Remote address:
    1.1.1.1:53
    Request
    api.ipify.org
    IN A
    Response
    api.ipify.org
    IN A
    172.67.74.152
    api.ipify.org
    IN A
    104.26.12.205
    api.ipify.org
    IN A
    104.26.13.205
  • Country: US
    GET
    https://api.ipify.org/
    Remote address:
    172.67.74.152:443
    Request
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0
    Host: api.ipify.org
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Mon, 24 Feb 2025 10:25:08 GMT
    Content-Type: text/plain
    Content-Length: 14
    Connection: keep-alive
    Vary: Origin
    cf-cache-status: DYNAMIC
    Server: cloudflare
    CF-RAY: 916ebffabbfa634d-LHR
    server-timing: cfL4;desc="?proto=TCP&rtt=37185&min_rtt=37000&rtt_var=14007&sent=7&recv=6&lost=0&retrans=1&sent_bytes=3522&recv_bytes=714&delivery_rate=44719&cwnd=253&unsent_bytes=0&cid=edd2c3603c80363b&ts=410&x=0"
  • Country: AU
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.178.8
  • Country: AU
    DNS
    check-mate.digital
    Remote address:
    1.1.1.1:53
    Request
    check-mate.digital
    IN A
    Response
    check-mate.digital
    IN A
    193.163.203.46
  • Country: RU
    POST
    https://check-mate.digital/fi/tik/js.php
    Remote address:
    193.163.203.46:443
    Request
    POST /fi/tik/js.php HTTP/1.1
    Content-Type: application/json;charset=UTF-8
    Accept: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: check-mate.digital
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 139
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 24 Feb 2025 10:25:09 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=31536000
    Content-Encoding: gzip
  • 142.250.180.14:443
    tls, https
    695 B
    40 B
    1
    1
  • 142.250.180.14:443
    tls, https
    695 B
    40 B
    1
    1
  • 142.250.180.14:443
    android.apis.google.com
    tls
    1.7kB
    4.4kB
    10
    6
  • 216.58.213.14:443
    android.apis.google.com
    tls
    5.5kB
    8.6kB
    25
    23
  • 216.58.213.14:443
    android.apis.google.com
    tls
    3.0kB
    7.3kB
    16
    14
  • 172.67.74.152:443
    https://api.ipify.org/
    tls, http
    1.6kB
    4.9kB
    14
    9

    HTTP Request

    GET https://api.ipify.org/

    HTTP Response

    200
  • 193.163.203.46:443
    https://check-mate.digital/fi/tik/js.php
    tls, http
    1.7kB
    4.5kB
    12
    8

    HTTP Request

    POST https://check-mate.digital/fi/tik/js.php

    HTTP Response

    200
  • 142.250.200.36:443
    tls, https
    850 B
    40 B
    2
    1
  • 142.250.200.36:443
    www.google.com
    tls
    11.2kB
    10.7kB
    31
    35
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.213.14

  • 1.1.1.1:53
    api.ipify.org
    dns
    59 B
    107 B
    1
    1

    DNS Request

    api.ipify.org

    DNS Response

    172.67.74.152
    104.26.12.205
    104.26.13.205

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.178.8

  • 1.1.1.1:53
    check-mate.digital
    dns
    64 B
    80 B
    1
    1

    DNS Request

    check-mate.digital

    DNS Response

    193.163.203.46

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/jueshv.ogktoc.afeufh/app_legal/EM.json

    Filesize

    573KB

    MD5

    85a997cbba7f8670f33e90bf983bfe0f

    SHA1

    8e724f0173dfc092642f63ad3a5c6ed844062349

    SHA256

    fbc6f5f898f1fd19efc08a1411d89c9d597beefd1784b58512fa57293926eb4d

    SHA512

    8b0a1d2d13fe5e2cfaf78237da6277bf52a726d171f0a009a5ea30951458de474b25eee1b65efbbe345bff8927878917fb96d14b828019304bdf340554fa4dc4

  • /data/user/0/jueshv.ogktoc.afeufh/app_legal/EM.json

    Filesize

    573KB

    MD5

    0579ae8db6252dce42ac067c0cf85407

    SHA1

    99acd4a47b6742cc9d039e22b9658cf58e9f1e6c

    SHA256

    de8c712243e4ce7a9ca1f014275896aab7ae8459b390fd712c48adec5f90cf05

    SHA512

    b717db5f0d8734b9a0c08851c0861f54449df3b9e8b038e7b62d9546d5a030ad12b9a0de3411736b57d7edb081f4c881bab4b561eb6785d14c5637793621c942

  • /data/user/0/jueshv.ogktoc.afeufh/app_legal/EM.json

    Filesize

    1.2MB

    MD5

    2df15293fa209edd8316911bbee2b6b0

    SHA1

    0adb97c4989f1e1933ef6687282c98fa1d7fe132

    SHA256

    eb2bc582b89cf3cc66db3ccf3226d800ea6440c2227fe7a522d4ffff88676875

    SHA512

    10c87cac3deed5cdde24ee46d1a75c911d08e4e24e3e7789a83902e069e5aab0ec9ab9cea58c69f8cf2fd8208f72ee860fa4a97ea30e1135d9591e51c8262118