Analysis Overview
Threat Level: Shows suspicious behavior
The submitted URL https://github.com/Da2dalus/The-MALWARE-Repo was opened in com.android.chrome on three Android images and classified as: Shows suspicious behavior.
Malicious Activity Summary
Checks CPU information (reads /proc/cpuinfo; raised in all three behavioral runs)
Checks memory information (reads /proc/meminfo; raised in all three behavioral runs)
Reads the content of photos stored on the user's device (reads content://media/external/images/media; raised in behavioral2 only)
The only process recorded in any run is com.android.chrome, and the only file artifact per run is the DOM snapshot files/dom-0.html, so these indicators describe the browser rendering the GitHub page rather than a downloaded sample. Reading /proc/cpuinfo and /proc/meminfo and querying the MediaStore are routine for Chrome on Android and are weak indicators on their own. The single-label DNS lookups in the Network tables (qescxkkvubz, gqojpar, gfdvmwvdcdb and the like, three per run, each 7 to 15 lowercase letters) match the random hostnames Chrome resolves at startup to detect NXDOMAIN hijacking, and the TCP 5228 connections use the port of Google's push-messaging (GCM/FCM) channel; neither is attributable to the submitted URL.
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 11:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 11:57
Reported
2024-05-30 13:07
Platform
android-x86-arm-20240514-en
Max time kernel
1661s
Max time network
1829s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.42:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.200.42:443 | | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 216.58.201.106:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | qescxkkvubz | udp |
| US | 1.1.1.1:53 | gqojpar | udp |
| US | 1.1.1.1:53 | gfdvmwvdcdb | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 172.217.169.3:80 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 172.217.16.227:443 | | tcp |
| GB | 142.250.200.35:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| BE | 142.251.5.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
Files
files/dom-0.html
| MD5 | b02e43ef4288ac6a0783d733d0dfd659 |
| SHA1 | 541f1d9b63cf388189ec9cd7bcd119060ac79e7e |
| SHA256 | f006e7b8ce0db13f6670dba0f2439fef097cb45e536cca6e88e501140395c291 |
| SHA512 | 2b2a2dcc0f4cf90461c81424c10b7bf70839f862f15f8cfc4f955a1e08ac7061f2f69b9d815ea7fa469f8a65dc63a09b993b1dc4a73c250e28d67be3d1d9f2b9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 11:57
Reported
2024-05-30 13:10
Platform
android-x64-20240514-en
Max time kernel
1795s
Max time network
1793s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 216.58.212.202:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | user-images.githubusercontent.com | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.206:443 | clients1.google.com | tcp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | lahoecvjavuginw | udp |
| US | 1.1.1.1:53 | gdlprozxprktgx | udp |
| US | 1.1.1.1:53 | grsvzjmyc | udp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| BE | 74.125.133.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
Files
files/dom-0.html
| MD5 | fd86f6ac84c5aa0b6f5c9425da14a9af |
| SHA1 | f218cdb1ea3272df9536b3c0f14032891d4c545a |
| SHA256 | 75c393511e83034730df2b46c7e9d46b41e1be59e2ffda43c091efe34840d2b6 |
| SHA512 | f85c7707694eae6995cb4acc6ff081e45f43863c77fedc1974080beeffbe6db1252cc782a869dd95a9aab6f66ab3d17c832e13fab8a3d5ada7bcae55ecf8f615 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-30 11:57
Reported
2024-05-30 13:10
Platform
android-x64-arm64-20240514-en
Max time kernel
1805s
Max time network
1809s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | github.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | user-images.githubusercontent.com | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 216.58.201.110:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | uusbpfpixkfmvo | udp |
| US | 1.1.1.1:53 | zyjvjbpodqr | udp |
| US | 1.1.1.1:53 | bwwjoyjch | udp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
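The Network tables of behavioral1, behavioral2 and behavioral3 mix Chrome's own background traffic with the requests made for the submitted page. The Python below is an added triage helper, not part of the sandbox report or of the repository under analysis. It parses rows in the report's pipe-delimited layout (including the rows where an empty Domain cell lets the protocol slide into the Domain column), separates DNS lookups from TCP connections, attributes each connection to the name the report paired with it, lists peers the report left unattributed and any TCP port other than 80/443, and flags single-label names of 7 to 15 lowercase letters, the assumed shape of Chrome's NXDOMAIN-hijack probes. The embedded rows are a constructed subset of the behavioral3 table; the 7-to-15-letter threshold is an assumption about Chrome's probe behaviour, not something the report states.

```python
"""Added triage helper for the sandbox Network tables (not part of the report).

Separates DNS lookups from TCP connections, attributes connections to the
resolved name the report paired with them, and flags single-label hostnames
of 7 to 15 lowercase letters (assumed shape of Chrome's NXDOMAIN-hijack
probes; the length bounds are an assumption, not something the report states).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Single DNS label of 7-15 lowercase letters, no dot: assumed Chrome probe shape.
PROBE_RE = re.compile(r"^[a-z]{7,15}$")
MDNS = ("224.0.0.251", 5353)  # link-local multicast DNS, never leaves the LAN

# Constructed subset of the behavioral3 table on this page. Three rows are kept
# in the column-shifted form the report emits when the Domain cell is empty
# ('tcp'/'udp' landing in the Domain column) to show the parser repairs it.
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | uusbpfpixkfmvo | udp |
| US | 1.1.1.1:53 | zyjvjbpodqr | udp |
| US | 1.1.1.1:53 | bwwjoyjch | udp |
| GB | 216.58.201.100:443 | tcp | |
| US | 1.1.1.1:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| BE | 74.125.133.188:5228 | tcp | |
"""


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: str  # "" when the report attached no name to the destination
    proto: str


def parse_row(line):
    """Parse one '| CC | ip:port | domain | proto |' row.

    Returns None for the header or blank lines. When the Domain cell is empty
    the report sometimes drops it, so 'tcp'/'udp' appears in the Domain column
    and Proto is blank; that case is detected and corrected here.
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0] == "Country" or ":" not in cells[1]:
        return None
    cells += [""] * (4 - len(cells))
    country, dest, domain, proto = cells[:4]
    if domain in ("tcp", "udp") and proto == "":
        domain, proto = "", domain
    ip, port = dest.rsplit(":", 1)
    return Row(country, ip, int(port), domain, proto.lower())


def parse_table(text):
    rows = (parse_row(line) for line in text.splitlines())
    return [r for r in rows if r is not None]


def looks_like_chrome_probe(name):
    """True for a bare label of 7-15 lowercase letters (no dot, no digits)."""
    return PROBE_RE.match(name) is not None


def triage(rows):
    """Summarise a run's network rows for an analyst.

    dns_queries:       names looked up over UDP/53, in report order
    probe_like:        the subset matching the Chrome probe shape
    mdns_rows:         count of multicast DNS rows (local noise)
    connections:       TCP connections counted by resolved name, or by IP
                       when the report gave none
    unattributed_ips:  TCP peers the report could not pair with a name
    nonstandard_ports: (peer, port) for TCP other than 80/443, worth a look
    """
    dns = [r.domain for r in rows if r.proto == "udp" and r.port == 53 and r.domain]
    conns = [r for r in rows if r.proto == "tcp"]
    return {
        "dns_queries": dns,
        "probe_like": [n for n in dns if looks_like_chrome_probe(n)],
        "mdns_rows": sum(1 for r in rows if (r.ip, r.port) == MDNS),
        "connections": Counter(r.domain or r.ip for r in conns),
        "unattributed_ips": sorted({r.ip for r in conns if not r.domain}),
        "nonstandard_ports": sorted(
            {(r.domain or r.ip, r.port) for r in conns if r.port not in (80, 443)}
        ),
    }


if __name__ == "__main__":
    for key, value in triage(parse_table(SAMPLE_TABLE)).items():
        print(f"{key}: {value}")
```

Run it against any of the three tables above by pasting the rows into SAMPLE_TABLE. On this report the probe_like list is exactly the three random names per run, the only nonstandard port is 5228 to a Google address, and every attributed connection resolves to a Google or GitHub name; the unattributed IPs are the ones worth enriching (reverse DNS, ASN) before calling the verdict.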
Files
files/dom-0.html
| MD5 | 214e24218868fed6e0860684a6c20aee |
| SHA1 | 3fc868d22f6a87885ba2c270863552fa892e0719 |
| SHA256 | 31048dba7cd147f6d6b069ba6698e64ada2d7dbcf1ba593578c82f45ab7ca12a |
| SHA512 | 0caeaa7ed3a0288b921037d14f60e9a35faf8b25fdefdfad8be37dc59f94da8c5437c6aa8355053895055218227ccd6086781e5e67074da3dd33aa94c532568a |