Malware Analysis Report

2024-11-16 10:46

Sample ID 240603-hvbb3sff2s
Target http://mind.se
Tags
discovery evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The submitted target http://mind.se was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 07:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 07:02

Reported

2024-06-03 07:39

Platform

android-33-x64-arm64-20240514-en

Max time kernel

1254s

Max time network

1271s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery

Description
File opened for read

Indicator
/proc/cpuinfo

Process
N/A

Target
N/A

Checks memory information

evasion discovery

Description
File opened for read

Indicator
/proc/meminfo

Process
N/A

Target
N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 5ec9c5b6be35dbbc317db2bd44ce2d81
SHA1 38c446fdece910edb60a644dfdd46dc93a050641
SHA256 4b9749f42598c98b0bf73ac97f80c5e8de93c7ecf1422111a4cb519744a095ae
SHA512 a63dce450f8ab3f757433f0f11595e99b0c0d477573cbe9036481bf8862bdd2d58799b4ea5335b2845a3b3448c3f8c750d84055d668a79a409784648e693c14b