hxxps://atotax-office[.]one

Analysis

max time kernel
3131292s
max time network
131s
platform
android_x86
resource
android-x86-arm-20230831-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
submitted
22/09/2023, 02:04 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://atotax-office.one

Score

5^/10

evasion

Malware Config

Signatures

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.android.chrome

com.android.chrome
1⤵
- Removes a system notification.
PID:4140

Network

DNS

atotax-office.one

Remote address:

1.1.1.1:53

Request

atotax-office.one

IN A

Response

atotax-office.one

IN A

172.67.170.81

atotax-office.one

IN A

104.21.55.19
DNS

safebrowsing.googleapis.com

Remote address:

1.1.1.1:53

Request

safebrowsing.googleapis.com

IN A

Response

safebrowsing.googleapis.com

IN A

172.217.168.234
DNS

update.googleapis.com

Remote address:

1.1.1.1:53

Request

update.googleapis.com

IN A

Response

update.googleapis.com

IN A

142.251.39.99
POST

https://update.googleapis.com/service/update2

Remote address:

142.251.39.99:443

Request

POST /service/update2 HTTP/1.1
Content-Length: 660
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: update.googleapis.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Content-Security-Policy: script-src 'report-sample' 'nonce-g6usoiIub5rRoroi18OcUw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 22 Sep 2023 02:05:03 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6107
X-Daystart: 68703
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://update.googleapis.com/service/update2

Remote address:

142.251.39.99:443

Request

POST /service/update2 HTTP/1.1
Content-Length: 654
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: update.googleapis.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Content-Security-Policy: script-src 'report-sample' 'nonce-Ndmp8N3UvXwKmDOwhs9UXQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 22 Sep 2023 02:05:03 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6107
X-Daystart: 68703
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

matcrrohdulhoi

Remote address:

1.1.1.1:53

Request

matcrrohdulhoi

IN A

Response
DNS

fihaizcfyfjxm

Remote address:

1.1.1.1:53

Request

fihaizcfyfjxm

IN A

Response
DNS

kgmkvzhwg

Remote address:

1.1.1.1:53

Request

kgmkvzhwg

IN A

Response
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.179.142

172.67.170.81:443

atotax-office.one

tls

20.7kB
124.9kB
106
109
172.67.170.81:443

atotax-office.one

tls

681 B
5.8kB
7
6
172.217.168.234:443

safebrowsing.googleapis.com

tls

4.2kB
385.5kB
64
80
142.251.39.99:443

https://update.googleapis.com/service/update2

tls, http

2.6kB
8.0kB
9
12

HTTP Request

POST https://update.googleapis.com/service/update2

HTTP Response

200

HTTP Request

POST https://update.googleapis.com/service/update2

HTTP Response

200
142.250.179.206:443

tls, https

858 B
40 B
1
1
142.250.179.142:443

android.apis.google.com

tls

3.9kB
7.9kB
16
17
142.251.36.10:443

tls, https

1.2kB
40 B
1
1

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

atotax-office.one

dns

63 B
95 B
1
1

DNS Request

atotax-office.one

DNS Response

172.67.170.81

104.21.55.19
1.1.1.1:53

safebrowsing.googleapis.com

dns

73 B
89 B
1
1

DNS Request

safebrowsing.googleapis.com

DNS Response

172.217.168.234
1.1.1.1:53

update.googleapis.com

dns

67 B
83 B
1
1

DNS Request

update.googleapis.com

DNS Response

142.251.39.99
1.1.1.1:53

matcrrohdulhoi

dns

60 B
135 B
1
1

DNS Request

matcrrohdulhoi
1.1.1.1:53

fihaizcfyfjxm

dns

59 B
134 B
1
1

DNS Request

fihaizcfyfjxm
1.1.1.1:53

kgmkvzhwg

dns

55 B
130 B
1
1

DNS Request

kgmkvzhwg
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.179.142

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.