Complete dissection of an APK with a suspicious C2 Server
Common Information
Type Value
UUID d31b2a5a-661a-4862-bdcc-cc43554b80dd
Fingerprint 76190e164571259b
Analysis status DONE
Considered CTI value 0
Text language
Published April 1, 2022, 2:28 p.m.
Added to db Sept. 11, 2022, 12:39 p.m.
Last updated Nov. 20, 2024, 5:43 a.m.
Headline Complete dissection of an APK with a suspicious C2 Server
Title Complete dissection of an APK with a suspicious C2 Server
Detected Hints/Tags/Attributes 39/1/16
RSS Feed
Id 148
Enabled
Feed title lab52
Url https://lab52.io/blog/feed/
Added to db 2024-08-30 22:08
Attributes