Analysis Overview
Score: 8/10
Threat Level: Likely malicious
The file https://cottgroupltd.xyz/class/#bWVsaXNzYS5waGFyb0B2b2x2by5jb20= was found to be: Likely malicious.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Removes a system notification.
MITRE ATT&CK: N/A
Analysis: static1
Detonation Overview
Reported: 2023-10-19 14:16
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted: 2023-10-19 14:16
Reported: 2023-10-19 14:18
Platform: android-x64-arm64-20230831-en
Max time kernel: 1213015s
Max time network: 98s
Command Line: com.android.chrome
Signatures
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html