Malware Analysis Report

2024-10-24 21:37

Sample ID 240527-hd4x3acb29
Target https://www.linuxmadesimple.info/2020/04/how-to-install-openoffice-on-ubuntu-2004.html
Tags: discovery, evasion
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis Overview

Score: 7/10

Threat level: Shows suspicious behavior

The submitted URL https://www.linuxmadesimple.info/2020/04/how-to-install-openoffice-on-ubuntu-2004.html was classified as: shows suspicious behavior.

Malicious Activity Summary

Tags: discovery, evasion

    Checks CPU information
    Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-27 06:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-27 06:38

Reported: 2024-05-27 06:44

Platform: android-33-x64-arm64-20240514-en

Max time kernel: 326s

Max time network: 332s

Command Line

com.android.chrome

Signatures

Checks CPU information (tags: evasion, discovery)

    Description           Indicator      Process  Target
    File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information (tags: evasion, discovery)

    Description           Indicator      Process  Target
    File opened for read  /proc/meminfo  N/A      N/A

Both indicators record only that a procfs file was opened for read; the report attributes neither to a process or target, and the only process recorded for this run is com.android.chrome (see Processes). The open alone does not show that an emulator or sandbox check was performed on the contents, so these two signatures are the whole basis of the "evasion" tag and of the 7/10 score.
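For an analyst deciding how much weight the two signatures above deserve, it helps to see what an actual emulator or sandbox check does with /proc/cpuinfo and /proc/meminfo once it has opened them. The following is an added example written for this page, not code from the report or from the analysed sample: it parses the key/value layout of both files and reports the markers such a check would look for. The marker list, the memory threshold and the sample file contents are illustrative assumptions.

```python
"""Added example, not part of the sandbox report: what an emulator or sandbox
check that reads /proc/cpuinfo and /proc/meminfo typically looks for.

The signatures above only record that the files were opened. Chrome reads
them for ordinary reasons (core count, memory pressure), so the open alone is
weak evidence. The marker list, the memory threshold and the sample file
contents below are illustrative assumptions, not values taken from the report."""

import re

# Strings that show up in the Android emulator's /proc/cpuinfo (assumed marker list).
EMULATOR_CPU_MARKERS = ("goldfish", "ranchu", "qemu", "android virtual processor")

# MemTotal below this is unusually small for a current phone (assumed threshold, 2 GiB).
LOW_MEM_KB = 2 * 1024 * 1024

# Constructed sample contents, not captured from the analysed run.
EMULATOR_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: Android virtual processor\n"
    "Hardware\t: Goldfish\n"
)
EMULATOR_MEMINFO = "MemTotal:        1986456 kB\nMemFree:          402112 kB\n"
PHONE_CPUINFO = (
    "processor\t: 0\n"
    "BogoMIPS\t: 38.40\n"
    "CPU implementer\t: 0x41\n"
    "Hardware\t: Qualcomm Technologies, Inc SM8350\n"
)
PHONE_MEMINFO = "MemTotal:        7812540 kB\nMemFree:         1203344 kB\n"


def parse_proc_kv(text):
    """Parse the 'key : value' layout used by both files; keep the first value per key."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), value.strip())
    return fields


def cpuinfo_findings(cpuinfo_text):
    """Return one finding per hardware/model field that matches an emulator marker."""
    fields = parse_proc_kv(cpuinfo_text)
    hits = []
    for key in ("hardware", "model name", "model"):
        value = fields.get(key, "").lower()
        for marker in EMULATOR_CPU_MARKERS:
            if marker in value:
                hits.append(f"cpuinfo {key}='{fields[key]}' matches '{marker}'")
    return hits


def meminfo_findings(meminfo_text):
    """Flag a MemTotal that is smaller than a real handset would have."""
    fields = parse_proc_kv(meminfo_text)
    m = re.match(r"(\d+)\s*kB", fields.get("memtotal", ""))
    if m and int(m.group(1)) < LOW_MEM_KB:
        return [f"meminfo MemTotal={m.group(1)} kB is below {LOW_MEM_KB} kB"]
    return []


def environment_findings(cpuinfo_text, meminfo_text):
    """Combined view: an empty list means nothing in the two files suggests an emulator."""
    return cpuinfo_findings(cpuinfo_text) + meminfo_findings(meminfo_text)


if __name__ == "__main__":
    print("emulator sample:", environment_findings(EMULATOR_CPUINFO, EMULATOR_MEMINFO))
    print("phone sample:   ", environment_findings(PHONE_CPUINFO, PHONE_MEMINFO))
```

The sandbox signature fires on the open() regardless of what happens next; to separate a real environment check from a browser reading core and memory counts, an analyst would need the string comparisons or branch that follows the read, which this report does not capture.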

Processes

com.android.chrome

Network

Domain is "-" where the report did not tie the destination to a name.

Country Destination          Domain                             Proto
N/A     224.0.0.251:5353     -                                  udp
GB      216.58.204.68:443    -                                  udp
GB      216.58.204.68:443    -                                  tcp
GB      216.58.204.68:443    -                                  tcp
US      162.159.61.3:443     -                                  tcp
US      162.159.61.3:443     -                                  tcp
US      172.64.41.3:443      -                                  tcp
GB      142.250.178.14:443   -                                  udp
GB      142.250.178.14:443   -                                  tcp
GB      142.250.178.14:443   -                                  tcp
US      1.1.1.1:53           www.linuxmadesimple.info           udp
GB      216.58.201.115:443   www.linuxmadesimple.info           tcp
US      1.1.1.1:53           chrome.cloudflare-dns.com          udp
US      162.159.61.3:443     chrome.cloudflare-dns.com          tcp
US      1.1.1.1:53           chrome.cloudflare-dns.com          udp
US      172.64.41.3:443      chrome.cloudflare-dns.com          tcp
US      1.1.1.1:53           chrome.cloudflare-dns.com          udp
US      172.64.41.3:443      chrome.cloudflare-dns.com          tcp
US      162.159.61.3:443     chrome.cloudflare-dns.com          tcp
US      162.159.61.3:443     chrome.cloudflare-dns.com          tcp
US      162.159.61.3:443     chrome.cloudflare-dns.com          tcp
GB      216.58.201.115:443   www.linuxmadesimple.info           tcp
US      162.159.61.3:443     chrome.cloudflare-dns.com          tcp
GB      142.250.187.195:443  -                                  tcp
US      162.159.61.3:443     chrome.cloudflare-dns.com          tcp
US      172.64.41.3:443      chrome.cloudflare-dns.com          tcp
US      162.159.61.3:443     chrome.cloudflare-dns.com          udp
BE      74.125.206.84:443    accounts.google.com                tcp
US      1.1.1.1:53           clients4.google.com                udp
GB      216.58.212.238:443   clients4.google.com                udp
GB      216.58.212.238:443   clients4.google.com                tcp
GB      172.217.16.228:443   www.google.com                     tcp
US      1.1.1.1:53           mobilemaps-pa-gz.googleapis.com    udp
US      216.239.38.135:443   mobilemaps-pa-gz.googleapis.com    udp
US      1.1.1.1:53           mobilemaps.googleapis.com          udp
GB      18.244.179.22:443    downloads.mailchimp.com            tcp
US      1.1.1.1:53           safebrowsing.googleapis.com        udp
GB      142.250.180.10:443   safebrowsing.googleapis.com        tcp
GB      142.250.187.201:443  www.blogger.com                    tcp
GB      142.250.187.201:443  -                                  udp
GB      216.58.213.2:443     -                                  tcp
US      1.1.1.1:53           remoteprovisioning.googleapis.com  udp
GB      216.58.201.97:443    lh3.googleusercontent.com          tcp
GB      142.250.180.14:443   -                                  udp
GB      142.250.200.54:443   i.ytimg.com                        tcp
GB      216.58.201.97:443    -                                  udp
GB      142.250.179.233:443  resources.blogblog.com             tcp
GB      23.204.235.47:443    mc.us3.list-manage.com             tcp
GB      216.58.213.2:443     googleads.g.doubleclick.net        tcp
GB      142.250.200.6:443    static.doubleclick.net             tcp
GB      216.58.213.2:443     -                                  udp
US      1.1.1.1:53           gmscompliance-pa.googleapis.com    udp
GB      142.250.200.10:443   gmscompliance-pa.googleapis.com    tcp
GB      172.217.16.228:443   -                                  udp
GB      216.58.204.74:443    gmscompliance-pa.googleapis.com    udp
US      1.1.1.1:53           gz0.googleusercontent.com          udp
US      216.239.38.135:443   gz0.googleusercontent.com          tcp
US      216.239.38.135:443   gz0.googleusercontent.com          tcp
US      216.239.38.135:443   gz0.googleusercontent.com          tcp
GB      216.58.204.68:443    -                                  udp
GB      216.58.201.100:443   -                                  udp
GB      216.58.201.100:443   -                                  tcp
GB      216.58.201.100:443   -                                  tcp
GB      216.58.204.65:443    yt3.ggpht.com                      tcp
GB      216.58.204.65:443    -                                  tcp
GB      142.250.178.14:443   fundingchoicesmessages.google.com  tcp
GB      142.250.179.225:443  tpc.googlesyndication.com          tcp
GB      142.250.200.2:443    googleads4.g.doubleclick.net       tcp
GB      142.250.179.225:443  -                                  udp
GB      142.250.187.230:443  s0.2mdn.net                        tcp
GB      142.250.178.14:443   -                                  udp
GB      142.250.200.2:443    -                                  udp
GB      142.250.187.230:443  -                                  udp
GB      142.250.187.206:443  -                                  tcp
GB      142.250.178.14:443   -                                  udp
US      1.1.1.1:53           android.apis.google.com            udp
GB      142.250.187.238:443  android.apis.google.com            tcp
GB      216.58.212.238:443   clients4.google.com                tcp
GB      216.58.212.238:443   clients4.google.com                udp
GB      142.250.187.201:443  -                                  udp
GB      216.58.212.238:443   clients4.google.com                udp
US      162.159.61.3:443     chrome.cloudflare-dns.com          udp
GB      172.217.169.67:443   update.googleapis.com              tcp
GB      172.217.169.67:443   -                                  udp
US      1.1.1.1:53           chrome.cloudflare-dns.com          udp
US      172.64.41.3:443      chrome.cloudflare-dns.com          udp
GB      216.58.204.66:443    -                                  udp
US      172.64.41.3:443      chrome.cloudflare-dns.com          udp
GB      172.217.169.78:443   -                                  udp
US      1.1.1.1:53           gmscompliance-pa.googleapis.com    udp
GB      142.250.200.34:443   -                                  tcp
GB      142.250.187.200:443  -                                  tcp
GB      142.250.200.34:443   -                                  tcp
GB      142.250.200.38:80    -                                  tcp
GB      142.250.200.38:443   -                                  tcp
GB      216.58.212.194:443   -                                  tcp
US      216.239.32.36:443    -                                  tcp
US      1.1.1.1:53           chrome.cloudflare-dns.com          udp
US      172.64.41.3:443      chrome.cloudflare-dns.com          udp
GB      142.250.187.195:443  -                                  tcp
GB      142.250.200.10:443   gmscompliance-pa.googleapis.com    tcp
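The table above is long and most of its rows are Chrome and Google infrastructure; what an analyst wants from it is the short list of hosts that are neither the target site nor that infrastructure, and the destinations that never got a name. Note that many of the name lookups here went to chrome.cloudflare-dns.com over port 443 (Chrome's Secure DNS), which is one likely reason so many rows have no Domain: the sandbox only sees the plaintext queries to 1.1.1.1:53. The script below is an added example for this page, not code from the report or the sandbox vendor. It parses rows in the table's layout, fills blank domains from other rows that named the same IP, and flags anything outside an expected-suffix list that is an assumption for this target (a Blogger-hosted page viewed in Chrome on Android). NETWORK_ROWS is a subset copied from the table above.

```python
"""Added example, not part of the sandbox report: a triage pass over the
Network table of a behavioral run like the one above.

Rows are whitespace separated and the Domain column is blank on many rows, so
a line has either 3 tokens (country, destination, proto) or 4 (country,
destination, domain, proto). NETWORK_ROWS is a subset copied from the table.
EXPECTED_SUFFIXES is an assumption for this target: the site is hosted on
Blogger, Chrome on Android talks to Google services, and Chrome's Secure DNS
uses chrome.cloudflare-dns.com."""

from collections import defaultdict

NETWORK_ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.linuxmadesimple.info udp
GB 216.58.201.115:443 www.linuxmadesimple.info tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
GB 142.250.178.14:443 udp
GB 18.244.179.22:443 downloads.mailchimp.com tcp
GB 142.250.187.201:443 www.blogger.com tcp
GB 216.58.213.2:443 tcp
GB 23.204.235.47:443 mc.us3.list-manage.com tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.38:80 tcp
US 216.239.32.36:443 tcp
"""

# Assumed for this target; adjust per submission.
EXPECTED_SUFFIXES = (
    "linuxmadesimple.info",                                  # the submitted target
    "blogger.com", "blogblog.com", "googleusercontent.com",  # Blogger hosting
    "google.com", "googleapis.com", "doubleclick.net",
    "googlesyndication.com", "2mdn.net", "ytimg.com", "ggpht.com",
    "chrome.cloudflare-dns.com",                             # Chrome Secure DNS (DoH)
)


def ip_of(dest):
    """'142.250.178.14:443' -> '142.250.178.14'."""
    return dest.rsplit(":", 1)[0]


def parse_rows(text):
    """Split each row into fields, treating a 3-token row as having no domain."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue  # header or malformed line
        rows.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return rows


def backfill_domains(rows):
    """For blank-domain rows, list the names other rows attached to the same IP."""
    names_for_ip = defaultdict(set)
    for r in rows:
        if r["domain"]:
            names_for_ip[ip_of(r["dest"])].add(r["domain"])
    out = []
    for r in rows:
        r = dict(r)
        r["inferred"] = [] if r["domain"] else sorted(names_for_ip.get(ip_of(r["dest"]), ()))
        out.append(r)
    return out


def is_expected(domain):
    return any(domain == s or domain.endswith("." + s) for s in EXPECTED_SUFFIXES)


def triage(text):
    """Summarise what is worth a second look: third parties, nameless endpoints, DoH, cleartext HTTP."""
    rows = backfill_domains(parse_rows(text))
    return {
        "unexpected_domains": sorted({r["domain"] for r in rows
                                      if r["domain"] and not is_expected(r["domain"])}),
        "unresolved_destinations": sorted({r["dest"] for r in rows
                                           if not r["domain"] and not r["inferred"]}),
        "doh_connections": sum(1 for r in rows
                               if r["domain"] == "chrome.cloudflare-dns.com"
                               and r["dest"].endswith(":443")),
        "plaintext_http": sorted({r["dest"] for r in rows if r["dest"].endswith(":80")}),
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

On the subset, the only hosts outside the expected set are downloads.mailchimp.com and mc.us3.list-manage.com (a newsletter widget embedded in the blog page); 224.0.0.251:5353 is mDNS multicast and stays "unresolved" because no row ever names it, and the single port-80 destination is the one cleartext HTTP connection in the whole run. The backfill step is what turns rows such as the blank 216.58.213.2:443 into a known googleads.g.doubleclick.net endpoint instead of an unexplained IP.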

Files

files/dom-0.html

    MD5     a93cf5b20ae9e08aeabd719fad58e1cc
    SHA1    2bc4ccabce209ca903085a0f6649f4d94d520cce
    SHA256  cc6f10054bded700a747fca412fbc49800800ca47f99be7473b5aff390f73d57
    SHA512  3e7c0643461d65d451755b29117cbf4226ed1e682ccbd57813fddd5c1fd4dc579ff0aac4da439ab73b08af942e202705192c47ef79ce15e62a24715f915fc163