Malware Analysis Report

2025-01-02 04:23

Sample ID 231218-1pplmadefm
Target https://view.emails.paypal.com/?qs=f3c8c0f71b697524a01377955495e521713616f9e7492b28ec417ee894dc3939dc82a7f96f92f01fcfbb97f7839f8dafd2fbf07957eff9aeef1a26e8702d9ea8b3129da67e02b549f83683af0ecd0648
Tags
Score: 1/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 1/10

Threat Level: No (potentially) malicious behavior was detected

The submitted URL https://view.emails.paypal.com/?qs=f3c8c0f71b697524a01377955495e521713616f9e7492b28ec417ee894dc3939dc82a7f96f92f01fcfbb97f7839f8dafd2fbf07957eff9aeef1a26e8702d9ea8b3129da67e02b549f83683af0ecd0648 was analyzed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-12-18 21:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-12-18 21:49

Reported: 2023-12-18 21:50

Platform: android-x64-20231215-en

Max time kernel: 2129186s

Max time network: 49s

Command Line

com.android.chrome

Signatures

N/A

Processes

com.android.chrome

Network

Country  Destination            Domain                              Proto
N/A      224.0.0.251:5353                                           udp
US       1.1.1.1:53             ssl.google-analytics.com            udp
GB       142.250.187.232:443    ssl.google-analytics.com            tcp
GB       216.58.212.202:443                                         tcp
US       1.1.1.1:53             accounts.google.com                 udp
BE       74.125.133.84:443      accounts.google.com                 tcp
FR       216.58.201.110:443                                         tcp
US       1.1.1.1:53             android.apis.google.com             udp
FR       216.58.201.110:443     android.apis.google.com             tcp
US       1.1.1.1:53             static.xx.fbcdn.net                 udp
US       1.1.1.1:53             m.youtube.com                       udp
US       1.1.1.1:53             images-na.ssl-images-amazon.com     udp
US       1.1.1.1:53             en.m.wikipedia.org                  udp
US       1.1.1.1:53             a.espncdn.com                       udp
GB       157.240.221.16:443     static.xx.fbcdn.net                 tcp
US       1.1.1.1:53             s.yimg.com                          udp
US       1.1.1.1:53             ir.ebaystatic.com                   udp
US       1.1.1.1:53             www.instagram.com                   udp
GB       216.58.213.14:443      m.youtube.com                       tcp
US       18.154.85.102:443      images-na.ssl-images-amazon.com     tcp
NL       185.15.59.224:443      en.m.wikipedia.org                  tcp
GB       104.86.110.176:80      a.espncdn.com                       tcp
GB       87.248.114.12:443      s.yimg.com                          tcp
US       151.101.2.206:443      ir.ebaystatic.com                   tcp
IE       163.70.147.174:443     www.instagram.com                   tcp
US       1.1.1.1:53             www.google.com                      udp
GB       216.58.212.228:443     www.google.com                      tcp
US       1.1.1.1:53             www.google.com                      udp
GB       142.250.200.4:443      www.google.com                      tcp
US       1.1.1.1:53             semanticlocation-pa.googleapis.com  udp
GB       142.250.178.10:443     semanticlocation-pa.googleapis.com  tcp
US       1.1.1.1:53             www.google.co.uk                    udp
FR       216.58.201.99:443      www.google.co.uk                    tcp
US       1.1.1.1:53             update.googleapis.com               udp
US       1.1.1.1:53             zoekddjplotuzau                     udp
US       1.1.1.1:53             nlgrapkjnxqnoj                      udp
US       1.1.1.1:53             yvgpiwq                             udp
US       1.1.1.1:53             pos.rstore.com                      udp
US       104.16.220.78:80       pos.rstore.com                      tcp
US       104.16.220.78:80       pos.rstore.com                      tcp
US       104.16.220.78:443      pos.rstore.com                      tcp
US       1.1.1.1:53             safebrowsing.googleapis.com         udp
GB       216.58.212.202:443     safebrowsing.googleapis.com         tcp
US       1.1.1.1:53             cdn.attn.tv                         udp
GB       99.84.9.49:443         cdn.attn.tv                         tcp
US       1.1.1.1:53             widget.trustpilot.com               udp
GB       54.192.137.11:443      widget.trustpilot.com               tcp
US       1.1.1.1:53             www.therange.co.uk                  udp
US       1.1.1.1:53             bat.bing.com                        udp
US       1.1.1.1:53             x.klarnacdn.net                     udp
US       1.1.1.1:53             www.dwin1.com                       udp
US       104.19.179.5:443       www.therange.co.uk                  tcp
US       104.19.179.5:443       www.therange.co.uk                  tcp
US       104.19.179.5:443       www.therange.co.uk                  tcp
US       104.19.179.5:443       www.therange.co.uk                  tcp
US       104.19.179.5:443       www.therange.co.uk                  tcp
US       104.19.179.5:443       www.therange.co.uk                  tcp
US       13.107.21.200:443      bat.bing.com                        tcp
GB       52.84.90.79:443        x.klarnacdn.net                     tcp
GB       108.138.233.18:443     www.dwin1.com                       tcp
US       1.1.1.1:53             tgtag.io                            udp
US       1.1.1.1:53             s.pinimg.com                        udp
US       34.120.230.83:443      tgtag.io                            tcp
GB       199.232.56.84:443      s.pinimg.com                        tcp
US       1.1.1.1:53             lantern.roeyecdn.com                udp
GB       143.204.191.38:443     lantern.roeyecdn.com                tcp
US       1.1.1.1:53             clients1.google.com                 udp
GB       142.250.187.206:443    clients1.google.com                 tcp
US       1.1.1.1:53             lantern.roeye.com                   udp
IE       52.213.174.118:443     lantern.roeye.com                   tcp
US       1.1.1.1:53             www.clarity.ms                      udp
US       13.107.213.64:443      www.clarity.ms                      tcp
US       1.1.1.1:53             api.trafficguard.ai                 udp
US       34.111.75.154:443      api.trafficguard.ai                 tcp
US       1.1.1.1:53             g.tenor.com                         udp
GB       216.58.212.202:443     safebrowsing.googleapis.com         tcp
GB       216.58.212.202:443     safebrowsing.googleapis.com         tcp
US       1.1.1.1:53             ct.pinterest.com                    udp
US       151.101.0.84:443       ct.pinterest.com                    tcp
US       151.101.0.84:443       ct.pinterest.com                    tcp
US       1.1.1.1:53             region1.google-analytics.com        udp
US       216.239.34.36:443      region1.google-analytics.com        tcp
US       1.1.1.1:53             r.clarity.ms                        udp
US       20.119.174.243:443     r.clarity.ms                        tcp
US       1.1.1.1:53             region1.analytics.google.com        udp
US       1.1.1.1:53             stats.g.doubleclick.net             udp
BE       64.233.167.154:443     stats.g.doubleclick.net             tcp
BE       64.233.167.154:443     stats.g.doubleclick.net             tcp
US       1.1.1.1:53             trk.ometria.com                     udp
IE       52.212.199.19:443      trk.ometria.com                     tcp
GB       172.217.169.36:443                                         tcp
GB       172.217.169.36:443                                         tcp

Files

N/A