hxxps://e5-nttdata-eloit-kl-in[.]azurewebsites[.]net/Account/Login?ReturnUrl=https%3A%2F%2Fe5-nttdata-eloit-kl-in[.]azurewebsites[.]net%2F

Analysis

max time kernel
374s
max time network
598s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
07/03/2024, 15:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://e5-nttdata-eloit-kl-in.azurewebsites.net/Account/Login?ReturnUrl=https%3A%2F%2Fe5-nttdata-eloit-kl-in.azurewebsites.net%2F

Score

7^/10

collection

Malware Config

Signatures

Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://media/external/images/media	com.android.chrome

com.android.chrome
1⤵
- Reads the content of photos stored on the user's device.
PID:5018

Network

DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.168.84
DNS

e5-nttdata-eloit-kl-in.azurewebsites.net

Remote address:

1.1.1.1:53

Request

e5-nttdata-eloit-kl-in.azurewebsites.net

IN A

Response

e5-nttdata-eloit-kl-in.azurewebsites.net

IN CNAME

waws-prod-pn1-001.sip.azurewebsites.windows.net

waws-prod-pn1-001.sip.azurewebsites.windows.net

IN CNAME

waws-prod-pn1-001.centralindia.cloudapp.azure.com

waws-prod-pn1-001.centralindia.cloudapp.azure.com

IN A

104.211.97.138
DNS

safebrowsing.googleapis.com

Remote address:

1.1.1.1:53

Request

safebrowsing.googleapis.com

IN A

Response

safebrowsing.googleapis.com

IN A

142.250.178.10
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

172.217.169.72
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN A
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.204.68
DNS

update.googleapis.com

Remote address:

1.1.1.1:53

Request

update.googleapis.com

IN A

Response

update.googleapis.com

IN A

216.58.212.195
DNS

hoszmtnynlchh

Remote address:

1.1.1.1:53

Request

hoszmtnynlchh

IN A

Response
DNS

spmctwnvuml

Remote address:

1.1.1.1:53

Request

spmctwnvuml

IN A

Response
DNS

teuflekkop

Remote address:

1.1.1.1:53

Request

teuflekkop

IN A

Response
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.180.14
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A
DNS

update.googleapis.com

Remote address:

1.1.1.1:53

Request

update.googleapis.com

IN A

Response

update.googleapis.com

IN A

142.250.200.35

142.251.168.84:443

accounts.google.com

tls

2.0kB
7.4kB
17
16
104.211.97.138:443

e5-nttdata-eloit-kl-in.azurewebsites.net

tls

2.3kB
7.0kB
12
9
104.211.97.138:443

e5-nttdata-eloit-kl-in.azurewebsites.net

tls

3.2kB
9.7kB
15
13
172.217.169.72:443

ssl.google-analytics.com

tls

2.2kB
6.5kB
14
13
216.58.201.106:443

tls, https

128 B
40 B
2
1
216.58.204.68:443

www.google.com

tls

2.4kB
11.7kB
21
25
142.250.180.14:443

tls, https

857 B
40 B
1
1
142.250.180.14:443

android.apis.google.com

tls

8.4kB
10.7kB
28
33
142.250.187.195:443

520 B
10
142.250.200.36:443

tls, https

431 B
40 B
2
1
142.250.200.36:443

www.google.com

tls

9.0kB
10.4kB
34
35
172.217.169.34:443

tls

135 B
40 B
2
1
142.250.178.3:443

tls, https

128 B
40 B
2
1
142.250.200.35:443

update.googleapis.com

tls

6.8kB
11.8kB
29
34
142.250.187.238:443

520 B
10

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.168.84
1.1.1.1:53

e5-nttdata-eloit-kl-in.azurewebsites.net

dns

86 B
223 B
1
1

DNS Request

e5-nttdata-eloit-kl-in.azurewebsites.net

DNS Response

104.211.97.138
1.1.1.1:53

safebrowsing.googleapis.com

dns

73 B
89 B
1
1

DNS Request

safebrowsing.googleapis.com

DNS Response

142.250.178.10
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

172.217.169.72
1.1.1.1:53

www.google.com

dns

60 B
1

DNS Request

www.google.com
1.1.1.1:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

216.58.204.68
1.1.1.1:53

update.googleapis.com

dns

67 B
83 B
1
1

DNS Request

update.googleapis.com

DNS Response

216.58.212.195
1.1.1.1:53

hoszmtnynlchh

dns

59 B
134 B
1
1

DNS Request

hoszmtnynlchh
1.1.1.1:53

spmctwnvuml

dns

57 B
132 B
1
1

DNS Request

spmctwnvuml
1.1.1.1:53

teuflekkop

dns

56 B
131 B
1
1

DNS Request

teuflekkop
1.1.1.1:53

android.apis.google.com

dns

138 B
109 B
2
1

DNS Request

android.apis.google.com

DNS Request

android.apis.google.com

DNS Response

142.250.180.14
1.1.1.1:53

update.googleapis.com

dns

67 B
83 B
1
1

DNS Request

update.googleapis.com

DNS Response

142.250.200.35

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Data from Local System

T1533

Command and Control

Exfiltration

Impact

Windows 7 deprecation

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.