File name: 243bc2775e21ddb266e498e39a6dc02c.apk
Full analysis: https://app.any.run/tasks/2c50a148-2f13-40da-82df-35009f111d4b
Verdict: Malicious activity
Analysis date: April 29, 2025, 05:44:01
OS: Android 14
MIME: application/vnd.android.package-archive
File info: Android package (APK), with AndroidManifest.xml
MD5: B57E124E5553467CC7236530C249B3E1
SHA1: 8A56F6B68C61F3B8F0C336DC2E359408B91961A3
SHA256: 824D92B8CFEA8115A06BB5A23ECC05023DE822AC2528A5ADB78803FF72B91EED
SSDEEP: 98304:iFpl4sd59ymXuBzEEbh7LjeeY2Wd0gz7NVPQ7mPyNSmqVrTWu7X19O1ednkDDqF4:UzfPJR4RRTW+p8GLWvCV7b4bcO5tIFZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Updates data in the storage of application settings (SharedPreferences)
      • app_process64 (PID: 2266)
    • Launches a new activity
      • app_process64 (PID: 2266)
    • Connects to unusual port
      • app_process64 (PID: 2266)
    • Establishing a connection
      • app_process64 (PID: 2266)
    • Starts a service
      • app_process64 (PID: 2266)
    • Accesses external device storage files
      • app_process64 (PID: 2266)
  • INFO
    • Retrieves data from storage of application settings (SharedPreferences)
      • app_process64 (PID: 2266)
    • Dynamically loads a class in Java
      • app_process64 (PID: 2266)
    • Gets the display metrics associated with the device's screen
      • app_process64 (PID: 2266)
    • Handles throwable exceptions in the app
      • app_process64 (PID: 2266)
    • Listens for changes in sensors
      • app_process64 (PID: 2266)
    • Dynamically inspects or modifies classes, methods, and fields at runtime
      • app_process64 (PID: 2266)
No Malware configuration.

TRiD

.apk | Android Package (50.4)
.jar | Java Archive (13.9)
.zan | BlueEyes Animation (12.9)
.vym | VYM Mind Map (12)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1980:00:00 00:00:00
ZipCRC: 0xf42515f4
ZipCompressedSize: 4638
ZipUncompressedSize: 23592
ZipFileName: AndroidManifest.xml
No data.
All screenshots are available in the full report
Total processes: 129
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 1

Behavior graph

(interactive process graph; node labels as extracted: start, app_process64, app_process64 [no specs], app_process32, app_process32 [no specs], app_process32; the graph itself is only in the full report)

Process information

PID | Process | CMD | Path | User | Integrity Level | Exit code
2266 | app_process64 | com.binance.app.an.two | /system/bin/app_process64 | root | UNKNOWN | 0
2335 | app_process64 | com.android.settings | /system/bin/app_process64 | root | UNKNOWN | 0
4358 | app_process32 | zygote | /system/bin/app_process32 | root | UNKNOWN | 0
4387 | app_process32 | webview_zygote | /system/bin/app_process32 | webview_zygote | UNKNOWN | 0
4442 | app_process32 | zygote | /system/bin/app_process32 | root | UNKNOWN | 0
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 62
Text files: 26
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2266 | app_process64 | /data/data/com.binance.app.an.two/shared_prefs/com.binance.app.an.two_preferences.xml | xml
2266 | app_process64 | /storage/emulated/0/Android/data/com.binance.app.an.two/files/User/user.info | binary
2266 | app_process64 | /data/data/com.binance.app.an.two/cache/oat_primary/arm64/base.2266.tmp | binary
2266 | app_process64 | /data/data/com.binance.app.an.two/cache/image_manager_disk_cache/journal.tmp | text
2266 | app_process64 | /data/data/com.binance.app.an.two/cache/image_manager_disk_cache/09ba5eb3765efa6437ec306a2c094ae7367db634beef9a95fec5b9e2e47c5e73.0.tmp | image
2266 | app_process64 | /data/data/com.binance.app.an.two/cache/image_manager_disk_cache/a30b3e890376f65f9a47d32f7dbf9a56daa1acf0b8539bb9b3e1f38069693e9f.0.tmp | image
2266 | app_process64 | /data/data/com.binance.app.an.two/cache/image_manager_disk_cache/e1d50f7e1af5aa885502ba2c3f30c165a2ffd94ed6ae04c0d2ff8b9e0be22d48.0.tmp | image
2266 | app_process64 | /data/data/com.binance.app.an.two/cache/image_manager_disk_cache/e1d50f7e1af5aa885502ba2c3f30c165a2ffd94ed6ae04c0d2ff8b9e0be22d48.0 | image
2266 | app_process64 | /data/data/com.binance.app.an.two/cache/image_manager_disk_cache/a30b3e890376f65f9a47d32f7dbf9a56daa1acf0b8539bb9b3e1f38069693e9f.0 | image
2266 | app_process64 | /data/data/com.binance.app.an.two/cache/image_manager_disk_cache/91ebf43779f4d2687e2e99385d4f47b99ec438421fefa65600ef658c7a4fb792.0.tmp | image

(MD5 and SHA256 columns were empty in the extracted report.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 12
TCP/UDP connections: 28
DNS requests: 18
Threats: 6

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
- | - | GET | 204 | 142.250.184.195:80 | http://connectivitycheck.gstatic.com/generate_204 | unknown | whitelisted
2266 | app_process64 | POST | 200 | 129.226.139.51:80 | http://api.fawbiaces.bond/uc/risk/kill | unknown | unknown
2266 | app_process64 | POST | 404 | 129.226.139.51:80 | http://api.fawbiaces.bond/option/coin/coin-list | unknown | unknown
2266 | app_process64 | POST | 200 | 129.226.139.51:80 | http://api.fawbiaces.bond/uc/ancillary/system/app/version/0 | unknown | unknown
2266 | app_process64 | POST | 200 | 129.226.139.51:80 | http://api.fawbiaces.bond/uc/approve/security/setting | unknown | unknown
2266 | app_process64 | POST | 200 | 129.226.139.51:80 | http://api.fawbiaces.bond/swap/symbol-thumb | unknown | unknown
2266 | app_process64 | POST | 200 | 129.226.139.51:80 | http://api.fawbiaces.bond/uc/ancillary/system/advertise | unknown | unknown
2266 | app_process64 | POST | 200 | 129.226.139.51:80 | http://api.fawbiaces.bond/uc/ancillary/system/advertise | unknown | unknown
2266 | app_process64 | POST | 200 | 129.226.139.51:80 | http://api.fawbiaces.bond/market/overview | unknown | unknown
2266 | app_process64 | POST | 200 | 129.226.139.51:80 | http://api.fawbiaces.bond/market/exchange-rate/usd-cny | unknown | unknown

(Type and Size columns were empty in the extracted report; "-" marks a cell not shown.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
449 | mdnsd | 224.0.0.251:5353 | - | - | - | unknown
- | - | 216.239.35.0:123 | time.android.com | - | - | whitelisted
- | - | 142.250.184.195:80 | connectivitycheck.gstatic.com | GOOGLE | US | whitelisted
- | - | 142.250.186.68:443 | www.google.com | GOOGLE | US | whitelisted
- | - | 142.251.31.81:443 | staging-remoteprovisioning.sandbox.googleapis.com | GOOGLE | US | whitelisted
2266 | app_process64 | 129.226.139.51:80 | api.fawbiaces.bond | Tencent Building, Kejizhongyi Avenue | HK | unknown
2266 | app_process64 | 119.28.16.38:28901 | contr.fawbiaces.bond | Tencent Building, Kejizhongyi Avenue | HK | unknown
2266 | app_process64 | 119.28.16.38:38901 | contr.fawbiaces.bond | Tencent Building, Kejizhongyi Avenue | HK | unknown
2266 | app_process64 | 47.79.66.82:443 | qihaojys.oss-cn-hongkong.aliyuncs.com | WINDSTREAM | US | unknown
2266 | app_process64 | 2.23.227.13:443 | cdn.livechatinc.com | Ooredoo Q.S.C. | QA | whitelisted

("-" marks a cell not shown in the extracted report.)

DNS requests

Domain | IP | Reputation
connectivitycheck.gstatic.com | 142.250.184.195 | whitelisted
www.google.com | 142.250.186.68 | whitelisted
google.com | 142.250.186.174 | whitelisted
time.android.com | 216.239.35.0, 216.239.35.12, 216.239.35.4, 216.239.35.8 | whitelisted
staging-remoteprovisioning.sandbox.googleapis.com | 142.251.31.81 | whitelisted
api.fawbiaces.bond | 129.226.139.51 | unknown
contr.fawbiaces.bond | 119.28.16.38 | unknown
qihaojys.oss-cn-hongkong.aliyuncs.com | 47.79.66.82 | unknown
cdn.livechatinc.com | 2.23.227.13, 2.23.227.8 | whitelisted
clientservices.googleapis.com | 142.250.185.67 | whitelisted

Threats

PID | Process | Class | Message
- | - | Misc activity | ET INFO Android Device Connectivity Check
345 | netd | Misc activity | ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
2266 | app_process64 | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2266 | app_process64 | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2266 | app_process64 | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2266 | app_process64 | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)

("-" marks a cell not shown in the extracted report.)
No debug info