Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
You are right. Okay, I will try doing that. Thanks : )
Thank you for your input and for taking the time to look into this—I truly appreciate it. ❤️
To clarify, the app requires both devices to be connected to the same network; otherwise, it won’t function. The process also involves enabling Wi-Fi Wireless Debugging on the device you want to mirror, and the app needs to be installed on the second device.
Since I initially couldn’t get the app to work, I contacted the developer via email for assistance. They were very helpful and guided me through the setup process by sharing a screen recording. I also raised concerns about the app’s authenticity and asked whether it transmits any data externally. Here’s what they had to say in response.
Hello @iamavu, welcome to the Malware Research group! Please read the pinned message before you post!
Thank you, everyone. It feels like a community of truly wonderful and decent people. I wasn't embarrassed or anything; I just didn't want to trouble anyone here with my very basic questions. However, I appreciate your guidance, and I will look into the two links shared above as I continue to learn. Your kind gesture means a lot to me 🙏
Domain name is from China.
And here are the scan results from these two websites.
https://mobsf.live/static_analyzer/23b0c4d25dc884213a5f527765d2515c/#providers
https://www.virustotal.com/gui/file/738f7ea63e83fd7b32be42f5b2397490b7bf7c25aaf5e47306bb56b0d6830e50/relations
I wouldn't say that it's fine. Depends on what domain name it is
I'm asking because I think you don't understand what a .cc TLD indication means (and that's perfectly fine btw)
https://github.com/MobSF/Mobile-Security-Framework-MobSF
So, I downloaded an APK from GitHub. It aims to copy the functionality of scrcpy for mirroring one Android screen to another Android. I used the file before checking it on VirusTotal. Although everything seems okay at first glance, the 'Behavior' tab on the website gives me these warnings:
Matches rule INDICATOR-COMPROMISE: Suspicious .cc DNS query
Matches rule ET DNS Query for .cc TLD
Now, I am afraid that whatever I mirrored while using that application may have been sent to some cloud server. I don't really know. Please don't mind me if this is not the right place for asking such questions.
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: гаопе
User ID: 1331514755
Reason: no warez
User Gloria is already banned in Libra's Empire, with reason:scam
.
Hello @hMESrh, welcome to the Malware Research group! Please read the pinned message before you post!
Well, they didn't answer the question. It is quite strange that it needs to connect to those domains.
If you really want to find the answer, then you will have to reverse engineer the app and read the code.
In MobSF, there is a link to download the Java code. Perhaps you can check the code and search for the domain.
scrcpy requires the device to be connected via USB or via TCP/IP, provided that both devices are present in the website.
If it didn't require the devices to be connected via USB or be present in the same network, then there is a good chance that information between the devices was relayed through the cloud.
If you access the website v.netsite.cc, it shows a login/register page for cloud authentication / minimal card verification. I am not sure what this actually does.
If I have to make a guess, then maybe this page is used to log in to the cloud.
I also don't know many things, we all start somewhere, good luck!
What I mean is fine is not knowing what a TLD is. I mean this from the perspective that he seems to be ashamed of not knowing everything, which I think is a bad attitude to have. Never be ashamed or afraid of not knowing everything, and always keep an open mind.
https://en.wikipedia.org/wiki/.cc This is what the indication means, something tried to resolve a .cc domain
Sorry, I didn't know.
Just googled it. It stands for Top Level Domain.
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Dandin Nono
User ID: 1028968560
Reason: no warez
The internet has a lot of free software downloads. I'm sure someone on there could help you.
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Gloria González
User ID: 7694614081
Reason: scam
New FedBan
Fed: Libra's Empire
FedAdmin: alex 27
User: percocets
User ID: 1045368389
Reason: None given.
Hello, does anyone have a link to the crack version of Cobalt Strike?