Malware Analysis Report

2025-08-05 18:56

Sample ID 231019-rld62shh35
Target https://cottgroupltd.xyz/class/#bWVsaXNzYS5waGFyb0B2b2x2by5jb20=
Tags
phishing evasion
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://cottgroupltd.xyz/class/#bWVsaXNzYS5waGFyb0B2b2x2by5jb20= was found to be: Likely malicious.

Malicious Activity Summary

phishing evasion

A potential corporate email address has been identified in the URL: [email protected]

Removes a system notification.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-19 14:16

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-19 14:16

Reported

2023-10-19 14:18

Platform

android-x64-arm64-20230831-en

Max time kernel

1213015s

Max time network

98s

Command Line

com.android.chrome

Signatures

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.14:443 android.apis.google.com tcp
NL 142.251.36.14:443 android.apis.google.com tcp
US 1.1.1.1:53 cottgroupltd.xyz udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 cottgroupltd.xyz udp
US 104.21.87.199:443 cottgroupltd.xyz tcp
US 1.1.1.1:53 accounts.google.com udp
NL 142.250.179.205:443 accounts.google.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 a.nel.cloudflare.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 1.1.1.1:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 oxuzaojgt udp
US 1.1.1.1:53 utlxlnskel udp
US 1.1.1.1:53 dmzgoljra udp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 1.1.1.1:53 oxuzaojgt udp
US 1.1.1.1:53 dmzgoljra udp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 1.1.1.1:53 href.li udp
US 1.1.1.1:53 href.li udp
US 1.1.1.1:53 href.li udp
US 192.0.78.27:443 href.li tcp
US 1.1.1.1:53 en.wikipedia.org udp
NL 185.15.59.224:443 en.wikipedia.org tcp
NL 185.15.59.224:443 en.wikipedia.org tcp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 en.m.wikipedia.org udp
US 1.1.1.1:53 upload.wikimedia.org udp
US 1.1.1.1:53 login.wikimedia.org udp
US 1.1.1.1:53 meta.wikimedia.org udp
US 1.1.1.1:53 clients1.google.com udp
NL 216.58.214.14:443 clients1.google.com tcp
US 1.1.1.1:53 upload.wikimedia.org udp
US 1.1.1.1:53 upload.wikimedia.org udp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
US 1.1.1.1:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
NL 185.15.59.224:443 meta.wikimedia.org tcp
US 1.1.1.1:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 1.1.1.1:53 redirector.gvt1.com udp
US 1.1.1.1:53 redirector.gvt1.com udp
US 1.1.1.1:53 redirector.gvt1.com udp
US 1.1.1.1:53 redirector.gvt1.com udp
NL 142.250.179.142:80 dl.google.com tcp
NL 172.217.168.228:80 www.google.com tcp

Files

files/dom-0.html