Malware Analysis Report

2024-11-16 15:52

Sample ID 240205-cds8nsgad7
Target https://chromewebstore.google.com/detail/robux-gratis-generador-ro/jbdlcghcledhmmgdjlnoeapmmpkdgdke
Tags
google phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

Threat Level: Likely benign

The submitted URL https://chromewebstore.google.com/detail/robux-gratis-generador-ro/jbdlcghcledhmmgdjlnoeapmmpkdgdke was found to be: Likely benign.

Malicious Activity Summary

google phishing

Detected potential entity reuse from brand google.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-02-05 01:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-05 01:58

Reported

2024-02-05 02:00

Platform

android-x64-arm64-20231215-en

Max time kernel

149s

Max time network

156s

Command Line

com.android.chrome

Signatures

Detected potential entity reuse from brand google.

phishing google

Processes

com.android.chrome

Network

Country  Destination              Domain                                   Proto
N/A      224.0.0.251:5353         -                                        udp
GB       216.58.201.110:443       -                                        udp
GB       172.217.16.238:443       -                                        tcp
US       1.1.1.1:53               android.apis.google.com                  udp
GB       142.250.187.206:443      android.apis.google.com                  tcp
US       1.1.1.1:53               chromewebstore.google.com                udp
US       1.1.1.1:53               accounts.google.com                      udp
BE       173.194.76.84:443        accounts.google.com                      tcp
US       1.1.1.1:53               ssl.google-analytics.com                 udp
GB       142.250.200.14:443       chromewebstore.google.com                tcp
GB       142.250.200.14:443       chromewebstore.google.com                tcp
GB       142.250.200.8:443        ssl.google-analytics.com                 tcp
US       1.1.1.1:53               accounts.google.com                      udp
US       1.1.1.1:53               chromewebstore.google.com                udp
BE       64.233.167.84:443        accounts.google.com                      tcp
GB       216.58.204.78:443        chromewebstore.google.com                tcp
US       1.1.1.1:53               chrome.google.com                        udp
GB       142.250.200.14:443       chrome.google.com                        tcp
US       1.1.1.1:53               safebrowsing.googleapis.com              udp
US       1.1.1.1:53               lh3.googleusercontent.com                udp
GB       216.58.201.97:443        lh3.googleusercontent.com                tcp
US       1.1.1.1:53               ssl.gstatic.com                          udp
GB       216.58.213.3:443         ssl.gstatic.com                          tcp
US       1.1.1.1:53               clients1.google.com                      udp
GB       172.217.169.14:443       clients1.google.com                      tcp
US       1.1.1.1:53               region1.google-analytics.com             udp
US       216.239.32.36:443        region1.google-analytics.com             tcp
US       1.1.1.1:53               stats.g.doubleclick.net                  udp
BE       66.102.1.154:443         stats.g.doubleclick.net                  tcp
US       1.1.1.1:53               www.google.com                           udp
GB       142.250.187.228:443      www.google.com                           tcp
US       1.1.1.1:53               update.googleapis.com                    udp
US       1.1.1.1:53               usigzdrwm                                udp
US       1.1.1.1:53               yltdhofedhqm                             udp
US       1.1.1.1:53               fcpwyqujfbc                              udp
US       1.1.1.1:53               www.google.com                           udp
GB       142.250.178.4:443        www.google.com                           tcp
US       1.1.1.1:53               encrypted-tbn0.gstatic.com               udp
GB       172.217.16.238:443       encrypted-tbn0.gstatic.com               tcp
US       1.1.1.1:53               consent.google.com                       udp
GB       142.250.179.238:443      consent.google.com                       tcp
US       1.1.1.1:53               www.youtube.com                          udp
GB       216.58.201.110:443       www.youtube.com                          tcp
GB       216.58.201.110:443       www.youtube.com                          tcp
US       1.1.1.1:53               consent.youtube.com                      udp
GB       216.58.201.110:443       consent.youtube.com                      tcp
GB       142.250.200.4:443        -                                        tcp
GB       142.250.200.4:443        -                                        tcp
US       1.1.1.1:53               www.youtube.com                          udp
GB       216.58.201.110:443       www.youtube.com                          tcp
US       1.1.1.1:53               update.googleapis.com                    udp
GB       172.217.16.227:443       update.googleapis.com                    tcp
US       1.1.1.1:53               play.google.com                          udp
GB       172.217.16.238:443       play.google.com                          tcp
US       1.1.1.1:53               id.google.com                            udp
PH       142.251.221.35:443       id.google.com                            tcp
PH       142.251.221.35:443       id.google.com                            tcp
US       1.1.1.1:53               i.ytimg.com                              udp
GB       172.217.169.54:443       i.ytimg.com                              tcp
GB       172.217.169.54:443       i.ytimg.com                              tcp
US       1.1.1.1:53               cdn.ampproject.org                       udp
GB       142.250.200.33:443       cdn.ampproject.org                       tcp
GB       142.250.200.33:443       cdn.ampproject.org                       tcp
GB       142.250.200.33:443       cdn.ampproject.org                       tcp
US       1.1.1.1:53               encrypted-tbn0.gstatic.com               udp
GB       216.58.212.238:443       encrypted-tbn0.gstatic.com               tcp
GB       216.58.212.238:443       encrypted-tbn0.gstatic.com               tcp
US       1.1.1.1:53               googleads.g.doubleclick.net              udp
US       1.1.1.1:53               static.doubleclick.net                   udp
GB       142.250.200.34:443       googleads.g.doubleclick.net              tcp
GB       142.250.187.230:443      static.doubleclick.net                   tcp
US       1.1.1.1:53               jnn-pa.googleapis.com                    udp
US       1.1.1.1:53               lh5.googleusercontent.com                udp
GB       172.217.16.238:443       play.google.com                          tcp
US       1.1.1.1:53               deltaexploits.net                        udp
US       172.67.211.218:443       deltaexploits.net                        tcp
US       172.67.211.218:443       deltaexploits.net                        tcp
US       1.1.1.1:53               du0pud0sdlmzf.cloudfront.net             udp
GB       18.154.80.214:443        du0pud0sdlmzf.cloudfront.net             tcp
US       1.1.1.1:53               angelsaidthe.info                        udp
GB       18.165.227.43:443        angelsaidthe.info                        tcp
US       1.1.1.1:53               hoatebilaterdea.info                     udp
US       1.1.1.1:53               ghabovethec.info                         udp
US       104.21.31.182:443        hoatebilaterdea.info                     tcp
GB       18.244.140.100:443       ghabovethec.info                         tcp
US       1.1.1.1:53               www.facebook.com                         udp
GB       157.240.214.35:443       www.facebook.com                         tcp
US       1.1.1.1:53               rkqwe.pohsoneche.info                    udp
US       34.195.224.242:443       rkqwe.pohsoneche.info                    tcp
US       1.1.1.1:53               ittontrinevengre.info                    udp
GB       216.137.44.100:443       ittontrinevengre.info                    tcp
US       34.195.224.242:443       rkqwe.pohsoneche.info                    tcp
US       1.1.1.1:53               trk.building-youth-spread-loss.run       udp
US       104.21.20.223:443        trk.building-youth-spread-loss.run       tcp
US       1.1.1.1:53               www.luckyofficialonlinesuper.skin        udp
US       172.67.175.78:443        www.luckyofficialonlinesuper.skin        tcp
US       172.67.175.78:443        www.luckyofficialonlinesuper.skin        tcp
US       1.1.1.1:53               cdn.jsdelivr.net                         udp
US       151.101.129.229:443      cdn.jsdelivr.net                         tcp
US       1.1.1.1:53               cdn.luckyofficialonlinesuper.skin        udp
US       1.1.1.1:53               redirector.gvt1.com                      udp
GB       142.250.180.14:443       redirector.gvt1.com                      tcp
US       1.1.1.1:53               r3---sn-1gi7znes.gvt1.com                udp
CH       173.194.160.72:443       r3---sn-1gi7znes.gvt1.com                tcp
US       1.1.1.1:53               r2---sn-1gi7znek.gvt1.com                udp
CH       74.125.108.199:443       r2---sn-1gi7znek.gvt1.com                tcp
US       1.1.1.1:53               r3---sn-1gi7znek.gvt1.com                udp
CH       74.125.108.200:443       r3---sn-1gi7znek.gvt1.com                tcp
US       1.1.1.1:53               r5---sn-1gi7znes.gvt1.com                udp
CH       173.194.160.74:443       r5---sn-1gi7znes.gvt1.com                tcp
US       1.1.1.1:53               r4---sn-1gi7znek.gvt1.com                udp
CH       74.125.108.201:443       r4---sn-1gi7znek.gvt1.com                tcp
US       1.1.1.1:53               r1---sn-1gi7znes.gvt1.com                udp
CH       173.194.160.70:443       r1---sn-1gi7znes.gvt1.com                tcp
US       1.1.1.1:53               r5---sn-1gi7znek.gvt1.com                udp
CH       74.125.108.202:443       r5---sn-1gi7znek.gvt1.com                tcp
CH       74.125.108.199:443       r2---sn-1gi7znek.gvt1.com                tcp
US       1.1.1.1:53               r1---sn-1gi7znek.gvt1.com                udp
CH       74.125.108.198:443       r1---sn-1gi7znek.gvt1.com                tcp
CH       173.194.160.72:443       r3---sn-1gi7znes.gvt1.com                tcp
CH       74.125.108.200:443       r3---sn-1gi7znek.gvt1.com                tcp
CH       173.194.160.74:443       r5---sn-1gi7znes.gvt1.com                tcp
US       34.195.224.242:443       rkqwe.pohsoneche.info                    tcp
US       34.195.224.242:443       rkqwe.pohsoneche.info                    tcp
US       1.1.1.1:53               www.ensignmidshipmannavyfleet.skin       udp
US       172.67.167.9:443         www.ensignmidshipmannavyfleet.skin       tcp
US       172.67.167.9:443         www.ensignmidshipmannavyfleet.skin       tcp
US       1.1.1.1:53               cdn.ensignmidshipmannavyfleet.skin       udp
US       1.1.1.1:53               a.nel.cloudflare.com                     udp
US       35.190.80.1:443          a.nel.cloudflare.com                     tcp
US       35.190.80.1:443          a.nel.cloudflare.com                     tcp
US       35.190.80.1:443          a.nel.cloudflare.com                     tcp
US       104.21.20.223:80         trk.building-youth-spread-loss.run       tcp
US       104.21.20.223:80         trk.building-youth-spread-loss.run       tcp
US       1.1.1.1:53               cp.effoulanponta.com                     udp
US       54.84.0.215:443          cp.effoulanponta.com                     tcp
US       54.84.0.215:443          cp.effoulanponta.com                     tcp
US       54.84.0.215:443          cp.effoulanponta.com                     tcp
US       1.1.1.1:53               app.appsflyer.com                        udp
GB       104.86.110.56:443        app.appsflyer.com                        tcp
US       1.1.1.1:53               angelsaidthe.info                        udp
US       1.1.1.1:53               www.mediafire.com                        udp
US       104.16.113.74:443        www.mediafire.com                        tcp
US       1.1.1.1:53               beklefkiom.com                           udp
NL       139.45.197.237:443       beklefkiom.com                           tcp
US       1.1.1.1:53               the.gatekeeperconsent.com                udp
US       1.1.1.1:53               propeller-tracking.com                   udp
US       1.1.1.1:53               my.rtmark.net                            udp
US       172.67.199.186:443       the.gatekeeperconsent.com                tcp
NL       139.45.197.240:443       propeller-tracking.com                   tcp
NL       139.45.195.8:443         my.rtmark.net                            tcp
US       1.1.1.1:53               datatechone.com                          udp
US       1.1.1.1:53               btloader.com                             udp
US       1.1.1.1:53               www.ezojs.com                            udp
US       1.1.1.1:53               privacy.gatekeeperconsent.com            udp
US       1.1.1.1:53               translate.google.com                     udp
NL       139.45.195.253:443       datatechone.com                          tcp
US       172.67.41.60:443         btloader.com                             tcp
US       172.64.97.6:443          www.ezojs.com                            tcp
US       172.67.199.186:443       privacy.gatekeeperconsent.com            tcp
GB       172.217.169.14:443       translate.google.com                     tcp
US       1.1.1.1:53               totalnicenewz.com                        udp
US       1.1.1.1:53               static.cloudflareinsights.com            udp
US       1.1.1.1:53               cdn.amplitude.com                        udp
US       1.1.1.1:53               api.btloader.com                         udp
US       104.21.83.214:443        totalnicenewz.com                        tcp
US       104.16.57.101:443        static.cloudflareinsights.com            tcp
GB       18.172.155.200:443       cdn.amplitude.com                        tcp
US       130.211.23.194:443       api.btloader.com                         tcp
US       1.1.1.1:53               g.ezoic.net                              udp
IE       52.211.212.103:443       g.ezoic.net                              tcp
US       1.1.1.1:53               static.mediafire.com                     udp
US       1.1.1.1:53               api.amplitude.com                        udp
US       52.39.4.240:443          api.amplitude.com                        tcp
US       1.1.1.1:53               sr7pv7n5x.com                            udp
NL       212.117.190.201:443      sr7pv7n5x.com                            tcp

(A "-" in the Domain column marks a connection for which the report records no domain name.)

Files

files/dom-0.html

MD5 c73e018fa225a3b6d7a7e0934785801c
SHA1 b409a69e49b9031801d2c3665d07d650e425271e
SHA256 36d240203f94efe1a0c24f988c8e25415266ad57667033a5327845b31fae0ee5
SHA512 3c7ff0639fe40aa620c9773eccb14642ca4a1bec35cd73969875d769e4d2cdb4c15dbcb18ac61748147e3f4e8c8932c29c50041aa9c568cc3e3497862c13f0f9