hxxps://aru103941[.]page[.]link/RtQw

Analysis

max time kernel
129s
max time network
136s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
27/05/2024, 13:48 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aru103941.page.link/RtQw

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4431

Network

DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

216.58.212.206
DNS

aru103941.page.link

Remote address:

1.1.1.1:53

Request

aru103941.page.link

IN A

Response

aru103941.page.link

IN A

142.250.200.33
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

74.125.133.84
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

74.125.133.84
DNS

aru103941.page.link

Remote address:

1.1.1.1:53

Request

aru103941.page.link

IN A

Response

aru103941.page.link

IN A

142.250.178.1
POST

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

Remote address:

74.125.133.84:443

Request

POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
host: accounts.google.com
content-length: 1
origin: https://www.google.com
content-type: application/x-www-form-urlencoded
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://aru103941.page.link/RtQw

Remote address:

142.250.178.1:443

Request

GET /RtQw HTTP/2.0
host: aru103941.page.link
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://aru103941.page.link/RtQw

Remote address:

142.250.178.1:443

Request

GET /RtQw HTTP/2.0
host: aru103941.page.link
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.200.40
DNS

fattura-id.com

Remote address:

1.1.1.1:53

Request

fattura-id.com

IN A

Response

fattura-id.com

IN CNAME

public31.id6840651061.co

public31.id6840651061.co

IN A

160.165.146.197
GET

https://fattura-id.com/index.html

Remote address:

160.165.146.197:443

Request

GET /index.html HTTP/2.0
host: fattura-id.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Mon, 27 May 2024 13:48:51 GMT
content-type: text/html; charset=iso-8859-1
content-length: 19
strict-transport-security: max-age=604800
GET

https://fattura-id.com/favicon.ico

Remote address:

160.165.146.197:443

Request

GET /favicon.ico HTTP/2.0
host: fattura-id.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fattura-id.com/index.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Mon, 27 May 2024 13:48:51 GMT
content-type: text/html; charset=iso-8859-1
content-length: 19
strict-transport-security: max-age=604800
DNS

safebrowsing.googleapis.com

Remote address:

1.1.1.1:53

Request

safebrowsing.googleapis.com

IN A

Response

safebrowsing.googleapis.com

IN A

172.217.169.10
DNS

update.googleapis.com

Remote address:

1.1.1.1:53

Request

update.googleapis.com

IN A

Response

update.googleapis.com

IN A

142.250.200.35
POST

https://update.googleapis.com/service/update2

Remote address:

142.250.200.35:443

Request

POST /service/update2 HTTP/1.1
Content-Length: 673
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: update.googleapis.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Content-Security-Policy: script-src 'report-sample' 'nonce-eCmsgt3x2UzY7OEUqNx1uw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 27 May 2024 13:48:58 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6356
X-Daystart: 24538
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://update.googleapis.com/service/update2

Remote address:

142.250.200.35:443

Request

POST /service/update2 HTTP/1.1
Content-Length: 687
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: update.googleapis.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Content-Security-Policy: script-src 'report-sample' 'nonce-YZHbB_00-u7lfiySfUaqHA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 27 May 2024 13:48:58 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6356
X-Daystart: 24538
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

bcnbmsmwekwpbq

Remote address:

1.1.1.1:53

Request

bcnbmsmwekwpbq

IN A

Response
DNS

axkfbgoyplqfue

Remote address:

1.1.1.1:53

Request

axkfbgoyplqfue

IN A

Response
DNS

ymzykjaoroywf

Remote address:

1.1.1.1:53

Request

ymzykjaoroywf

IN A

Response
DNS

update.googleapis.com

Remote address:

1.1.1.1:53

Request

update.googleapis.com

IN A

Response

update.googleapis.com

IN A

216.58.212.227
POST

https://update.googleapis.com/service/update2/json?cup2key=10:1769991207&cup2hreq=28067bb9a99fb4f1f75e296bb0dbfd5135558da024de0974439928eb78670b42

Remote address:

216.58.212.227:443

Request

POST /service/update2/json?cup2key=10:1769991207&cup2hreq=28067bb9a99fb4f1f75e296bb0dbfd5135558da024de0974439928eb78670b42 HTTP/2.0
host: update.googleapis.com
content-length: 1314
x-goog-update-appid: gcmjkmgdlgnkkcocmoeiminaijmmjnii,hfnkpimlhhgieaddgfemjhofmfblmnib,giekcmmlnklenlaomppkphknjmnnpneh,jflookgnkcckhobaglndicnbbgbonegd,llkgjffcdpffmhiakmfcdcblohccpfmo,ggkkehgbnfjpeggfpleeakpidbkibbmn,khaoiebndkojlmppeemjhbpbandiljpe,bklopemakmnopmghhmccadeonafabnal
x-goog-update-interactivity: bg
x-goog-update-updater: chrome-83.0.4103.106
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

Remote address:

216.58.212.227:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 986
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

Remote address:

216.58.212.227:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 977
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

Remote address:

216.58.212.227:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 899
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

Remote address:

216.58.212.227:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 975
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

Remote address:

216.58.212.227:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 979
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

Remote address:

216.58.212.227:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1032
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

Remote address:

216.58.212.227:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 965
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

Remote address:

216.58.212.227:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 904
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
DNS

fattura-id.com

Remote address:

1.1.1.1:53

Request

fattura-id.com

IN A

Response

fattura-id.com

IN CNAME

public31.id6840651061.co

public31.id6840651061.co

IN A

160.165.146.197

142.250.200.46:443

tls, https

1.5kB
40 B
1
1
142.250.200.46:443

tls, https

1.5kB
40 B
1
1
216.58.212.206:443

android.apis.google.com

tls

5.9kB
8.9kB
24
23
216.58.212.206:443

android.apis.google.com

tls

1.8kB
6.0kB
10
10
74.125.133.84:443

accounts.google.com

100 B
60 B
2
1
74.125.133.84:443

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

tls, http2

2.2kB
7.5kB
20
16

HTTP Request

POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
142.250.178.1:443

https://aru103941.page.link/RtQw

tls, http2

2.3kB
7.3kB
21
18

HTTP Request

GET https://aru103941.page.link/RtQw

HTTP Request

GET https://aru103941.page.link/RtQw
142.250.200.40:443

ssl.google-analytics.com

tls

1.3kB
6.1kB
9
9
160.165.146.197:443

https://fattura-id.com/favicon.ico

tls, http2

2.1kB
4.6kB
20
15

HTTP Request

GET https://fattura-id.com/index.html

HTTP Response

403

HTTP Request

GET https://fattura-id.com/favicon.ico

HTTP Response

403
142.250.200.35:443

https://update.googleapis.com/service/update2

tls, http

3.2kB
8.2kB
14
13

HTTP Request

POST https://update.googleapis.com/service/update2

HTTP Response

200

HTTP Request

POST https://update.googleapis.com/service/update2

HTTP Response

200
216.58.201.100:443

tls, https

904 B
40 B
2
1
216.58.201.100:443

www.google.com

tls

11.2kB
8.8kB
29
34
216.58.212.227:443

https://update.googleapis.com/service/update2/json

tls, http2

14.3kB
18.2kB
52
72

HTTP Request

POST https://update.googleapis.com/service/update2/json?cup2key=10:1769991207&cup2hreq=28067bb9a99fb4f1f75e296bb0dbfd5135558da024de0974439928eb78670b42

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json
160.165.146.197:443

fattura-id.com

tls, http2

897 B
567 B
7
4

224.0.0.251:5353

3.9kB
15
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

216.58.212.206
1.1.1.1:53

aru103941.page.link

dns

65 B
81 B
1
1

DNS Request

aru103941.page.link

DNS Response

142.250.200.33
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

74.125.133.84
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

74.125.133.84
1.1.1.1:53

aru103941.page.link

dns

65 B
81 B
1
1

DNS Request

aru103941.page.link

DNS Response

142.250.178.1
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.200.40
1.1.1.1:53

fattura-id.com

dns

60 B
114 B
1
1

DNS Request

fattura-id.com

DNS Response

160.165.146.197
1.1.1.1:53

safebrowsing.googleapis.com

dns

73 B
89 B
1
1

DNS Request

safebrowsing.googleapis.com

DNS Response

172.217.169.10
1.1.1.1:53

update.googleapis.com

dns

67 B
83 B
1
1

DNS Request

update.googleapis.com

DNS Response

142.250.200.35
1.1.1.1:53

bcnbmsmwekwpbq

dns

60 B
135 B
1
1

DNS Request

bcnbmsmwekwpbq
1.1.1.1:53

axkfbgoyplqfue

dns

60 B
135 B
1
1

DNS Request

axkfbgoyplqfue
1.1.1.1:53

ymzykjaoroywf

dns

59 B
134 B
1
1

DNS Request

ymzykjaoroywf
1.1.1.1:53

update.googleapis.com

dns

67 B
83 B
1
1

DNS Request

update.googleapis.com

DNS Response

216.58.212.227
1.1.1.1:53

fattura-id.com

dns

60 B
114 B
1
1

DNS Request

fattura-id.com

DNS Response

160.165.146.197

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

files/dom-0.html

Filesize
75B

MD5
8b70641403f868e50e72c8952d0e9aeb

SHA1
9e8c8412e2622c977787bfbf2ada23eaf79aa4d7

SHA256
b5253b50ff6c16fa0068418b9c8be696a3e1657356a654e80aee98e52a1e6c0e

SHA512
41f22a300ea2749a7d83fa7544fefcd3a50003fc59f8d4532ea9bf210d3d43ab0193d3df6a0548f4f8907e9c87e43c27fd2609c2044fbbbd0d652196f972dc0b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.