Malware Analysis Report

2025-01-23 15:26

Sample ID: 240418-dvhzpsah2w
Target: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Tags: discovery, evasion
Score: 7/10

Analysis Overview

Score: 7/10

Threat Level: Shows suspicious behavior

The file http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery, evasion

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-18 03:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-18 03:19

Reported: 2024-04-18 03:21

Platform: android-x86-arm-20240221-en

Max time kernel: 64s

Max time network: 66s

Command Line

com.android.chrome

Signatures

Checks CPU information

Tags: evasion, discovery

Description            Indicator       Process  Target
File opened for read   /proc/cpuinfo   N/A      N/A

Checks memory information

Tags: evasion, discovery

Description            Indicator       Process  Target
File opened for read   /proc/meminfo   N/A      N/A

Processes

com.android.chrome

Network

Country  Destination             Domain                       Proto
N/A      224.0.0.251:5353                                     udp
US       1.1.1.1:53              ciscobinary.openh264.org     udp
GB       88.221.134.209:80       ciscobinary.openh264.org     tcp
GB       88.221.134.209:80       ciscobinary.openh264.org     tcp
US       1.1.1.1:53              safebrowsing.googleapis.com  udp
GB       142.250.187.202:443     safebrowsing.googleapis.com  tcp
US       1.1.1.1:53              www.google.com               udp
GB       142.250.200.36:443      www.google.com               tcp
US       1.1.1.1:53              update.googleapis.com        udp
US       1.1.1.1:53              llqzuvw                      udp
US       1.1.1.1:53              dmpiclavujpah                udp
US       1.1.1.1:53              qqhqtsqckae                  udp
GB       172.217.169.10:443                                   tcp
GB       172.217.16.238:443                                   tcp

Files

/storage/emulated/0/Download/.com.google.Chrome.O0vpfN

MD5:    7f2d8a3052844a682f8906428517d2ee
SHA1:   c28dc9610e4ec4cc5a4db57193f624c51f866dde
SHA256: b3dc31310c3e2160244f57cf60c73569ea902ba0fe69ade89e087ca4c2bd9372
SHA512: 9d336095a34e2e521b0eb66e5257c54c3ecf5db35f18909ffd64a2ce9a35014dbe627d6531c83c7d53fbc1f4f2aa4cd7bc0e208ea68b642a9c03f922c52a47c8

/storage/emulated/0/Download/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip.crdownload

MD5:    aff35a4be47debbf829b12fee4ecafdb
SHA1:   8521fe782423da691865f9c24d54c8d8e0d7c44c
SHA256: 8afdefa7409b0aa7101eddc7d6380c66cfa4003ced8df778bda8d397a30de5b3
SHA512: 023d816db56dcffb18202aa1475bf903fe907f2cdaedc3f08543fa0a9ea75c8729a338294559aa72e53ab3745a3b75cfefe629b0fad96fe4b6fcc8d4b8010e01

files/dom-0.html

MD5:    cecb649cb1fb79c3736936fcbef3bbf2
SHA1:   2c95183d7d2b0cd68d15b3c4115189351fc08720
SHA256: 09bda72e7c32a69e3268e0ebd8caa33684cbc954dd00c7d93a38830e348ef324
SHA512: b8aca3cf0ea838093bd29b70ead608597260b0e35886d491d17c304878f99510fd885d96a191080acb5b706a642253bd9cbe5065ff234472b048fcce282061de