Analysis Overview
Threat Level: Shows suspicious behavior
The file https://github.com/Endermanch/MalwareDatabase was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks CPU information
Checks memory information
Reads the content of photos stored on the user's device.
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported: 2024-04-24 21:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-24 21:18
Reported: 2024-04-24 21:48
Platform: android-x86-arm-20240221-en
Max time kernel: 1798s
Max time network: 1792s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | freegeoip.app | N/A | N/A |
| N/A | freegeoip.app | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.180.10:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | user-images.githubusercontent.com | udp |
| US | 1.1.1.1:53 | camo.githubusercontent.com | udp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | yhpfqnfh | udp |
| US | 1.1.1.1:53 | dnbubateugna | udp |
| US | 1.1.1.1:53 | lznhezuczxgel | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.co.uk | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 1.1.1.1:53 | consent.google.co.uk | udp |
| US | 1.1.1.1:53 | consent.google.co.uk | udp |
| GB | 172.217.16.238:443 | consent.google.co.uk | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 172.217.169.10:443 | N/A | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | id.google.co.uk | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 216.58.204.78:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 1.1.1.1:53 | maldroid.github.io | udp |
| US | 185.199.110.153:443 | maldroid.github.io | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | bazaar.abuse.ch | udp |
| US | 151.101.2.49:443 | bazaar.abuse.ch | tcp |
| US | 151.101.2.49:443 | bazaar.abuse.ch | tcp |
| US | 1.1.1.1:53 | www.google.co.uk | udp |
| US | 1.1.1.1:53 | www.google.co.uk | udp |
| US | 1.1.1.1:53 | www.domaintools.com | udp |
| US | 141.193.213.21:443 | www.domaintools.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 1.1.1.1:53 | info.domaintools.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.71.206:443 | info.domaintools.com | tcp |
| US | 1.1.1.1:53 | domaintools.com | udp |
| US | 1.1.1.1:53 | cdn-4.convertexperiments.com | udp |
| GB | 104.78.166.172:443 | cdn-4.convertexperiments.com | tcp |
| US | 1.1.1.1:53 | acsbapp.com | udp |
| US | 1.1.1.1:53 | www.clarity.ms | udp |
| US | 104.22.0.204:443 | acsbapp.com | tcp |
| US | 13.107.246.52:443 | www.clarity.ms | tcp |
| US | 1.1.1.1:53 | snap.licdn.com | udp |
| US | 1.1.1.1:53 | munchkin.marketo.net | udp |
| US | 1.1.1.1:53 | trk.techtarget.com | udp |
| US | 1.1.1.1:53 | cdn.bizible.com | udp |
| GB | 173.222.211.56:443 | snap.licdn.com | tcp |
| US | 1.1.1.1:53 | c.clarity.ms | udp |
| GB | 23.204.224.203:443 | munchkin.marketo.net | tcp |
| US | 104.18.36.196:443 | trk.techtarget.com | tcp |
| FR | 152.195.15.58:443 | cdn.bizible.com | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 1.1.1.1:53 | freegeoip.app | udp |
| US | 172.67.160.84:443 | freegeoip.app | tcp |
| US | 1.1.1.1:53 | cdn.bizibly.com | udp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | c.bing.com | udp |
| US | 1.1.1.1:53 | x.clarity.ms | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 1.1.1.1:53 | region1.analytics.google.com | udp |
| US | 1.1.1.1:53 | stats.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 1.1.1.1:53 | px.ads.linkedin.com | udp |
| BE | 74.125.71.156:443 | stats.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | ibc-flow.techtarget.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 34.111.208.231:443 | ibc-flow.techtarget.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 1.1.1.1:53 | 132-ohd-785.mktoresp.com | udp |
| US | 192.28.144.124:443 | 132-ohd-785.mktoresp.com | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 216.58.212.195:80 | N/A | tcp |
| GB | 216.58.204.68:443 | N/A | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 142.250.178.3:443 | N/A | tcp |
| GB | 142.250.178.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 142.250.178.3:443 | N/A | tcp |
| GB | 142.250.178.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.zscaler.com | udp |
| US | 104.18.28.74:443 | www.zscaler.com | tcp |
| US | 1.1.1.1:53 | info.zscaler.com | udp |
| US | 1.1.1.1:53 | cdn.intellimize.co | udp |
| US | 1.1.1.1:53 | cdn.cookielaw.org | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 151.101.2.132:443 | cdn.intellimize.co | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.17.74.206:443 | info.zscaler.com | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 1.1.1.1:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 1.1.1.1:53 | 117186981.intellimizeio.com | udp |
| US | 1.1.1.1:53 | api.intellimize.co | udp |
| IE | 46.137.89.126:443 | api.intellimize.co | tcp |
| US | 1.1.1.1:53 | log.intellimize.co | udp |
| US | 1.1.1.1:53 | 117186981.intellimizeio.com | udp |
| US | 54.149.206.149:443 | log.intellimize.co | tcp |
| US | 54.149.206.149:443 | log.intellimize.co | tcp |
| IE | 54.76.93.18:443 | 117186981.intellimizeio.com | tcp |
| US | 54.149.206.149:443 | log.intellimize.co | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | i.ytimg.com | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 1.1.1.1:53 | stingrayfnaf2.bio.link | udp |
| US | 1.1.1.1:53 | stingrayfnaf2.bio.link | udp |
| US | 172.67.68.55:443 | stingrayfnaf2.bio.link | tcp |
| US | 172.67.68.55:443 | stingrayfnaf2.bio.link | tcp |
| US | 1.1.1.1:53 | cdn.bio.link | udp |
| US | 1.1.1.1:53 | cdn.coverr.co | udp |
| US | 1.1.1.1:53 | analytics.bio.link | udp |
| US | 1.1.1.1:53 | assets.pinterest.com | udp |
| US | 104.26.1.159:443 | cdn.coverr.co | tcp |
| GB | 199.232.56.84:443 | assets.pinterest.com | tcp |
| US | 104.26.1.159:443 | cdn.coverr.co | tcp |
| US | 1.1.1.1:53 | cdn.coverr.co | udp |
| US | 172.67.71.169:443 | cdn.coverr.co | tcp |
| US | 1.1.1.1:53 | plausible.io | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 104.26.7.114:443 | analytics.bio.link | tcp |
| US | 1.1.1.1:53 | stats.bio.link | udp |
| US | 1.1.1.1:53 | bio.link | udp |
| US | 1.1.1.1:53 | log.pinterest.com | udp |
| US | 151.101.128.84:443 | log.pinterest.com | tcp |
| US | 1.1.1.1:53 | stats.bio.link | udp |
| US | 1.1.1.1:53 | modsofapk.com | udp |
| US | 172.67.196.82:443 | modsofapk.com | tcp |
| US | 172.67.196.82:443 | modsofapk.com | tcp |
| US | 1.1.1.1:53 | play-lh.googleusercontent.com | udp |
| US | 1.1.1.1:53 | cdn.modsofapk.com | udp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.213.1:443 | tpc.googlesyndication.com | tcp |
| US | 1.1.1.1:53 | www.googletagservices.com | udp |
| US | 1.1.1.1:53 | ionigravida.com | udp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 143.244.38.136:443 | cdn.modsofapk.com | tcp |
| GB | 143.244.38.136:443 | cdn.modsofapk.com | tcp |
| US | 1.1.1.1:53 | secure.gravatar.com | udp |
| US | 1.1.1.1:53 | thoakeet.net | udp |
| US | 1.1.1.1:53 | static.cloudflareinsights.com | udp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 1.1.1.1:53 | facebook.com | udp |
| US | 1.1.1.1:53 | t.me | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | play-lh.googleusercontent.com | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| US | 1.1.1.1:53 | ionigravida.com | udp |
| GB | 142.250.179.238:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | thoakeet.net | udp |
| NL | 139.45.197.251:443 | thoakeet.net | tcp |
| NL | 139.45.197.251:443 | thoakeet.net | tcp |
| US | 1.1.1.1:53 | jouteetu.net | udp |
| US | 1.1.1.1:53 | my.rtmark.net | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.197.251:443 | thoakeet.net | tcp |
| US | 1.1.1.1:53 | play-lh.googleusercontent.com | udp |
| GB | 216.58.201.118:443 | play-lh.googleusercontent.com | tcp |
| GB | 216.58.201.118:443 | play-lh.googleusercontent.com | tcp |
| GB | 216.58.201.118:443 | play-lh.googleusercontent.com | tcp |
| GB | 216.58.201.118:443 | play-lh.googleusercontent.com | tcp |
| GB | 216.58.201.118:443 | play-lh.googleusercontent.com | tcp |
| GB | 216.58.201.118:443 | play-lh.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | jouteetu.net | udp |
| US | 1.1.1.1:53 | ionigravida.com | udp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 1.1.1.1:53 | cdn.itskiddien.club | udp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 23.109.170.135:443 | ionigravida.com | tcp |
| NL | 139.45.197.236:443 | cdn.itskiddien.club | tcp |
| US | 1.1.1.1:53 | yonmewon.com | udp |
| US | 1.1.1.1:53 | sr7pv7n5x.com | udp |
| NL | 139.45.197.236:443 | yonmewon.com | tcp |
| US | 1.1.1.1:53 | sr7pv7n5x.com | udp |
| NL | 212.117.190.201:443 | sr7pv7n5x.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| GB | 216.58.213.1:443 | tpc.googlesyndication.com | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| GB | 216.58.213.1:443 | tpc.googlesyndication.com | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| GB | 216.58.213.1:443 | tpc.googlesyndication.com | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 1.1.1.1:53 | cdn.modsofapk.com | udp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| US | 1.1.1.1:53 | facebook.com | udp |
| US | 1.1.1.1:53 | t.me | udp |
| US | 1.1.1.1:53 | ionigravida.com | udp |
| US | 1.1.1.1:53 | play-lh.googleusercontent.com | udp |
| US | 1.1.1.1:53 | assets.pinterest.com | udp |
| US | 1.1.1.1:53 | plausible.io | udp |
| US | 172.67.71.169:443 | cdn.coverr.co | tcp |
| US | 1.1.1.1:53 | bio.site | udp |
| US | 1.1.1.1:53 | bio.site | udp |
| US | 151.101.130.132:443 | bio.site | tcp |
| US | 151.101.130.132:443 | bio.site | tcp |
| US | 1.1.1.1:53 | media.bio.site | udp |
| US | 1.1.1.1:53 | apkrabi.com | udp |
| US | 172.67.201.89:443 | apkrabi.com | tcp |
| US | 172.67.201.89:443 | apkrabi.com | tcp |
| US | 1.1.1.1:53 | images.dmca.com | udp |
| GB | 143.244.38.136:443 | images.dmca.com | tcp |
| US | 1.1.1.1:53 | www.dmca.com | udp |
| US | 13.107.246.64:443 | www.dmca.com | tcp |
| US | 13.107.246.64:443 | www.dmca.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 1.1.1.1:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.201.89:80 | apkrabi.com | tcp |
| US | 172.67.201.89:80 | apkrabi.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 1.1.1.1:53 | files.apkrabi.download | udp |
| US | 172.67.212.171:443 | files.apkrabi.download | tcp |
| US | 172.67.212.171:443 | files.apkrabi.download | tcp |
| US | 172.67.212.171:443 | files.apkrabi.download | tcp |
| US | 1.1.1.1:53 | files.da61ec391c694e2c4f75ceea255b660f.r2.cloudflarestorage.com | udp |
| US | 104.18.8.90:443 | files.da61ec391c694e2c4f75ceea255b660f.r2.cloudflarestorage.com | tcp |
| US | 104.18.8.90:443 | files.da61ec391c694e2c4f75ceea255b660f.r2.cloudflarestorage.com | tcp |
| US | 104.18.8.90:443 | files.da61ec391c694e2c4f75ceea255b660f.r2.cloudflarestorage.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| BE | 74.125.71.188:5228 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | omnatuor.com | udp |
| NL | 139.45.197.227:443 | omnatuor.com | tcp |
| NL | 139.45.197.227:443 | omnatuor.com | tcp |
| US | 1.1.1.1:53 | static.ptoahaistais.com | udp |
| US | 1.1.1.1:53 | pushimg.com | udp |
| NL | 139.45.197.153:443 | static.ptoahaistais.com | tcp |
| NL | 139.45.197.153:443 | static.ptoahaistais.com | tcp |
| NL | 37.48.68.87:443 | pushimg.com | tcp |
| NL | 139.45.197.227:443 | omnatuor.com | tcp |
| NL | 139.45.197.227:443 | omnatuor.com | tcp |
Files
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | a4170b4de13691b5ded10ffd60bc052f |
| SHA1 | 378547a9572db9074f31489e38c846bdc53cd9a0 |
| SHA256 | cb446209e783ccfdde25ab17246dc2d3e934d903f588f4da3ee02652641870ac |
| SHA512 | d7d4837528fc6197722234094f8a186abbd4ac5c906709c4dfee24ae540c73666a97ed185e67a260b2673a624a68efe76997524442a81da496e74a945672d310 |
/storage/emulated/0/Download/.com.google.Chrome.IpBs69
| Hash | Value |
|---|---|
| MD5 | 5a7a1acf43e76f72058a5e0805d2304d |
| SHA1 | a79ab3559a7e2002c7661a3c144ea0838a42ff36 |
| SHA256 | 09eaebefef611cd74176aa3788e48039a5b57a81e6f366356c8e61396f62273a |
| SHA512 | 7d6d684cc1a07e0ab66a7d031357c75a92710e5c6326ed0800026df9ae8a6523b47356f0914fc552bdf82d5605a44570e69de82e151103855224a4f27d1749c0 |
/storage/emulated/0/Download/5251a356421340a45c8dc6d431ef8a8cbca4078a0305a87f4fbd552e9fc0793e.zip.crdownload
| Hash | Value |
|---|---|
| MD5 | ae0353a2f952bd2988ca6f45be359104 |
| SHA1 | 31876cf8a5a866251a49d1f40b2fcd2326b0ebaf |
| SHA256 | 2c6d81026c661c3b5960a249640ffbe8dbad24430f2f2cf74fc6c98d74695b90 |
| SHA512 | 5019bcc8bbc9a306cfce7e6259c8d98cd4ec34446c873312aea336a5f683c419affc6d7f33f9b4855cbbef4dc505e47d791e8aae5fd4aa28231dfacf854489b2 |
/storage/emulated/0/Download/.com.google.Chrome.WSbcIm
| Hash | Value |
|---|---|
| MD5 | b826d38eab72a98affd8c8360d76467e |
| SHA1 | 2d39e701f27b1d1b86fe5278ce48e72d69b0dd80 |
| SHA256 | e60f1b3ed5c8ae886880aa7cbf388d09ab1e10f8f75d96b8b3860ec6336ec783 |
| SHA512 | d0a26697632885f5964977ec0c239165ef42bab6a78953f29a2e9f821e3751685654e7c70a6abc56397f0b8917ea204cf04e5aaf55506584e3af4cde26e8be88 |
/storage/emulated/0/Download/Unconfirmed 826511.crdownload
| Hash | Value |
|---|---|
| MD5 | 007e3ce85045f41f3b5780df106ae8e4 |
| SHA1 | 39b55376efcd2f4c0bef0b382bbffbeef38b09b5 |
| SHA256 | edb77b9ff47359d775c0483ba448f48f52a9d79246cfafde9db984250f3e1926 |
| SHA512 | 75b6f57b3f25f5540552edf486caaa725e2bb9bfcb1841c7c91c18190faf5aef3075688e44cbb24e356e7cec0858414f0cb07df21531dda71166ddb7955c4600 |
/storage/emulated/0/Download/.com.google.Chrome.UKuCoN
| Hash | Value |
|---|---|
| MD5 | dd67db51c53a4df87fd1613e9d9501c7 |
| SHA1 | 1af9d2efd6f70e91b02e75aec6e9790c0bb62e5e |
| SHA256 | b3ac63a6df7a794525dde9d16819942671692175b08e0ee914aec722b8d2ba81 |
| SHA512 | edec67b6f187c858dd76158fa40d92a653a6458881d26c41543e8885d1b93dc5ba98a84058113372c1076a6d302a708d738f4c5356af6fcb03c6d30005d57ed6 |
/storage/emulated/0/Download/Unconfirmed 692535.crdownload
| Hash | Value |
|---|---|
| MD5 | 66c2504ab4e440d65190a8712cc1b143 |
| SHA1 | 8b2c0b42cf57ce943404d1ddc31893db4cf74095 |
| SHA256 | 6faeddf27d66750144f1071937786767f997c90ef349793872e7734de21ad47f |
| SHA512 | 293e2e54146e3f94d0c59004473a45041bf25062623222cd497499d479307a492442506ae11095f8bef1a588536b82ccae07e96cb5a3aa669e0b3bf70d8a7d29 |
/storage/emulated/0/Download/.com.google.Chrome.npiEzb
| Hash | Value |
|---|---|
| MD5 | 72ec4b6ee6ce5bcc785ca6af14f2f1f5 |
| SHA1 | 67f8e1875aeda4f249bca57618eacf09d4a059f2 |
| SHA256 | 71c12a9802b1e406ba3a632a127ef1c189a374056add0c3093357bbff5ae5ecd |
| SHA512 | ef321f034d87e8428fb451365fb9ff5d4922df0652ff8ee0b1c70b3aa94700548b9db8167db5111c1d19db8f369895c7c959668aafcc765020b3bbb1a0f43932 |
/storage/emulated/0/Download/Unconfirmed 20066.crdownload
| Hash | Value |
|---|---|
| MD5 | a00b03cc51e95531814f6e14e4bb8f55 |
| SHA1 | 803bdf3629c40776b8fe5bd703e7011866528928 |
| SHA256 | a4037c1be731890b78eeaf6b5c2cf4205b9cce7bd91a81401896e334153db581 |
| SHA512 | 26cb64f05d46dc3ac69bef731ac0d12653d78ea5a00c7bd3fbe3fdc822379cfe42436ff43a39fb157850b4c1ff5a57ca483f7eca5f2dfd366452f5f51e1bac46 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-24 21:18
Reported: 2024-04-24 21:48
Platform: android-x64-20240221-en
Max time kernel: 1749s
Max time network: 1807s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
|---|---|---|---|
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | user-images.githubusercontent.com | udp |
| US | 1.1.1.1:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| GB | 142.250.187.234:443 | N/A | tcp |
| GB | 142.250.187.234:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| GB | 172.217.169.14:443 | clients1.google.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | hfvzhilnmh | udp |
| US | 1.1.1.1:53 | zuvfuhxjeysdwkp | udp |
| US | 1.1.1.1:53 | zzolztolw | udp |
| GB | 142.250.180.14:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 142.250.200.36:443 | N/A | tcp |
| GB | 142.250.200.36:443 | N/A | tcp |
| GB | 142.250.187.234:443 | N/A | tcp |
| GB | 172.217.169.34:443 | N/A | tcp |
| GB | 142.250.178.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| GB | 142.250.187.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| BE | 173.194.76.188:5228 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
Files
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | 8106986c7385dac76a6f9fd07787d559 |
| SHA1 | 1c95611222773beda0ae373db68710478d1d64a7 |
| SHA256 | 11f35aab7f8bec9b059ba838902ab097e29bf0491c461130afdf7a294e659d70 |
| SHA512 | dd693e6f1be4ff41ba0d27a5c81097c6fbea561ae1cdbd807f515fd30c268c313cd63bd040673b301e7d0090bb12644e588c1f0ebc7db2412b6c02af80c3f239 |
Analysis: behavioral3
Detonation Overview
Submitted: 2024-04-24 21:18
Reported: 2024-04-24 21:48
Platform: android-x64-arm64-20240221-en
Max time kernel: 1685s
Max time network: 1666s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.180.14:443 | N/A | tcp |
| GB | 142.250.180.14:443 | N/A | tcp |
| GB | 142.250.180.14:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 216.58.213.10:443 | N/A | udp |
| GB | 142.250.200.46:443 | N/A | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.187.202:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | user-images.githubusercontent.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| US | 1.1.1.1:53 | xpmzidler | udp |
| US | 1.1.1.1:53 | xdihjhldtptd | udp |
| US | 1.1.1.1:53 | kitlhwbcfieve | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.200.14:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | xdihjhldtptd | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | N/A | tcp |
| GB | 216.58.201.100:443 | N/A | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 142.250.187.226:443 | N/A | tcp |
| GB | 142.250.200.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| BE | 108.177.15.188:5228 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
Files
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | f959a2093204b46966189adf53b716a7 |
| SHA1 | 08f0ee74e04ac232ad649e26ca4339799600dbc4 |
| SHA256 | b086f7e12aab7d72a6d3ac721b7374ceffc5ee3189a5050d8156f7f7f5942b38 |
| SHA512 | 8cc30f127fe9c03e737f90dbc5cf1de454942e3935779d2b98349385095d5297d75690bab5e2cbde0a13474f66150cb101e3cd9512ec6bb215ea1beb369f4687 |