Malware Analysis Report

2025-01-06 07:48

Sample ID 240530-n4ptqagd31
Target https://github.com/Da2dalus/The-MALWARE-Repo
Tags
discovery evasion collection
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion collection

Checks CPU information

Checks memory information

Reads the content of photos stored on the user's device.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-30 11:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 11:57

Reported

2024-05-30 13:07

Platform

android-x86-arm-20240514-en

Max time kernel

1661s

Max time network

1829s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 142.250.200.42:443 tcp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 216.58.201.106:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 github.githubassets.com udp
US 1.1.1.1:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 1.1.1.1:53 github-cloud.s3.amazonaws.com udp
US 1.1.1.1:53 user-images.githubusercontent.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 qescxkkvubz udp
US 1.1.1.1:53 gqojpar udp
US 1.1.1.1:53 gfdvmwvdcdb udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 172.217.169.3:80 tcp
GB 216.58.201.100:443 tcp
GB 172.217.169.66:443 tcp
GB 172.217.16.227:443 tcp
GB 142.250.200.35:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
BE 142.251.5.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.179.238:443 tcp

Files

files/dom-0.html

MD5 b02e43ef4288ac6a0783d733d0dfd659
SHA1 541f1d9b63cf388189ec9cd7bcd119060ac79e7e
SHA256 f006e7b8ce0db13f6670dba0f2439fef097cb45e536cca6e88e501140395c291
SHA512 2b2a2dcc0f4cf90461c81424c10b7bf70839f862f15f8cfc4f955a1e08ac7061f2f69b9d815ea7fa469f8a65dc63a09b993b1dc4a73c250e28d67be3d1d9f2b9

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 11:57

Reported

2024-05-30 13:10

Platform

android-x64-20240514-en

Max time kernel

1795s

Max time network

1793s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 216.58.212.202:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 1.1.1.1:53 avatars.githubusercontent.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 1.1.1.1:53 github-cloud.s3.amazonaws.com udp
US 1.1.1.1:53 user-images.githubusercontent.com udp
US 1.1.1.1:53 clients1.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.206:443 clients1.google.com tcp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.14:443 tcp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp
US 1.1.1.1:53 lahoecvjavuginw udp
US 1.1.1.1:53 gdlprozxprktgx udp
US 1.1.1.1:53 grsvzjmyc udp
GB 142.250.200.46:443 tcp
GB 172.217.16.226:443 tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
BE 74.125.133.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp

Files

files/dom-0.html

MD5 fd86f6ac84c5aa0b6f5c9425da14a9af
SHA1 f218cdb1ea3272df9536b3c0f14032891d4c545a
SHA256 75c393511e83034730df2b46c7e9d46b41e1be59e2ffda43c091efe34840d2b6
SHA512 f85c7707694eae6995cb4acc6ff081e45f43863c77fedc1974080beeffbe6db1252cc782a869dd95a9aab6f66ab3d17c832e13fab8a3d5ada7bcae55ecf8f615

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-30 11:57

Reported

2024-05-30 13:10

Platform

android-x64-arm64-20240514-en

Max time kernel

1805s

Max time network

1809s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 github.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 github.com udp
BE 66.102.1.84:443 accounts.google.com tcp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 1.1.1.1:53 avatars.githubusercontent.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 1.1.1.1:53 github-cloud.s3.amazonaws.com udp
US 1.1.1.1:53 user-images.githubusercontent.com udp
US 1.1.1.1:53 clients1.google.com udp
GB 216.58.201.110:443 clients1.google.com tcp
US 1.1.1.1:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 1.1.1.1:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 1.1.1.1:53 uusbpfpixkfmvo udp
US 1.1.1.1:53 zyjvjbpodqr udp
US 1.1.1.1:53 bwwjoyjch udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 172.217.16.227:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp

Files

files/dom-0.html

MD5 214e24218868fed6e0860684a6c20aee
SHA1 3fc868d22f6a87885ba2c270863552fa892e0719
SHA256 31048dba7cd147f6d6b069ba6698e64ada2d7dbcf1ba593578c82f45ab7ca12a
SHA512 0caeaa7ed3a0288b921037d14f60e9a35faf8b25fdefdfad8be37dc59f94da8c5437c6aa8355053895055218227ccd6086781e5e67074da3dd33aa94c532568a