Malware Analysis Report

2024-09-09 17:25

Sample ID 231029-wn3dwagg4y
Target https://ewasmash.com
Tags: evasion
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

Threat Level: Shows suspicious behavior

The target https://ewasmash.com was found to show suspicious behavior.

Malicious Activity Summary

evasion

Requests cell location

Removes a system notification.

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-29 18:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-29 18:04

Reported

2023-10-30 23:10

Platform

android-x86-arm-20231023-en

Max time kernel

2195369s

Max time network

34s

Command Line

com.android.chrome

Signatures

Requests cell location

Description: Framework service call
Indicator: com.android.internal.telephony.ITelephony.getAllCellInfo
Process: N/A
Target: N/A

Removes a system notification. (tag: evasion)

Description: Framework service call
Indicator: android.app.INotificationManager.cancelNotificationWithTag
Process: N/A
Target: N/A

Processes

com.android.chrome

Network

Country  Destination            Domain                          Proto
N/A      224.0.0.251:5353                                       udp
US       1.1.1.1:53             ewasmash.com                    udp
N/A      100.79.34.131:443      ewasmash.com                    tcp
N/A      100.79.34.131:443      ewasmash.com                    tcp
N/A      100.79.34.131:443      ewasmash.com                    tcp
US       1.1.1.1:53             safebrowsing.googleapis.com     udp
N/A      100.91.150.218:443     safebrowsing.googleapis.com     tcp
N/A      100.65.105.186:80      clientservices.googleapis.com   tcp
US       1.1.1.1:53             update.googleapis.com           udp
N/A      100.115.56.55:443      update.googleapis.com           tcp
US       1.1.1.1:53             bqtfflfaw                       udp
US       1.1.1.1:53             fsjjbsimw                       udp
US       1.1.1.1:53             zjiqhum                         udp
N/A      100.80.204.61:80       fsjjbsimw                       tcp
N/A      100.91.240.27:80       bqtfflfaw                       tcp
N/A      100.73.126.255:80      zjiqhum                         tcp
NL       142.251.36.14:443                                      tcp
NL       142.251.36.14:443                                      tcp
US       1.1.1.1:53             android.apis.google.com         udp
N/A      100.106.222.77:443     android.apis.google.com         tcp
NL       142.250.179.170:443                                    tcp
N/A      100.106.222.77:443     android.apis.google.com         tcp

Files

N/A