Analysis Overview
Threat Level: Shows suspicious behavior
The submitted URL http://youtube.com was found to be: Shows suspicious behavior. The verdict rests on the generic behavioral signatures listed below (CPU and memory information checks in every run, plus a read of the device image content URI in behavioral2); the only process recorded in each run is com.android.chrome, the browser that loaded the URL.
Malicious Activity Summary
Reads the content of photos stored on the user's device.
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:38
Reported
2024-06-03 08:08
Platform
android-x86-arm-20240514-en
Max time kernel
1822s
Max time network
1830s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | youtube.com | udp |
| GB | 142.250.180.14:80 | youtube.com | tcp |
| GB | 142.250.180.14:80 | youtube.com | tcp |
| GB | 142.250.180.14:443 | youtube.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | m.youtube.com | udp |
| GB | 216.58.213.14:443 | m.youtube.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 216.58.204.67:443 | | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | gstatic.com | udp |
| GB | 142.250.187.227:443 | gstatic.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | jnn-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | static.doubleclick.net | udp |
| GB | 142.250.180.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.234:443 | jnn-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | ayqyqzdvj | udp |
| US | 1.1.1.1:53 | tsoydgwg | udp |
| US | 1.1.1.1:53 | qwexkzdxffbyxm | udp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | suggestqueries-clients6.youtube.com | udp |
| GB | 216.58.201.110:443 | suggestqueries-clients6.youtube.com | tcp |
| GB | 216.58.201.110:443 | suggestqueries-clients6.youtube.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.179.227:80 | clientservices.googleapis.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.35:443 | | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.35:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| BE | 108.177.15.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
Files
files/dom-0.html
| MD5 | 5c887c50a5c4c2d2e0cde7aaf04bc50d |
| SHA1 | 1fb3d1c13113a14fe2a7fe2b658c302eee1d4b98 |
| SHA256 | ac55ae744138579d5f6f1bd60c5af92fcd9072836975ae9abcab36af5827997f |
| SHA512 | eda23c2eac8951c110ee7aca8b316bd24f2d41c7fde3a8c9a4d3e86450fcaca922a5852b8ed827e2cfc5cfcbf24827f7f742ec5bd307fc26a58270144f4d7366 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:38
Reported
2024-06-03 08:09
Platform
android-x64-20240514-en
Max time kernel
1407s
Max time network
1793s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | youtube.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.5.84:443 | accounts.google.com | tcp |
| GB | 142.250.179.238:80 | youtube.com | tcp |
| GB | 142.250.179.238:80 | youtube.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.179.238:443 | youtube.com | tcp |
| GB | 142.250.178.10:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | m.youtube.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | jaafnhnyjlopq | udp |
| US | 1.1.1.1:53 | efynsqptpmegdw | udp |
| US | 1.1.1.1:53 | uwsdkkpfcvpoi | udp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| BE | 66.102.1.188:5228 | | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-03 07:38
Reported
2024-06-03 08:10
Platform
android-x64-arm64-20240514-en
Max time kernel
1808s
Max time network
1816s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | youtube.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.168.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | youtube.com | udp |
| GB | 142.250.180.14:80 | youtube.com | tcp |
| GB | 142.250.180.14:443 | youtube.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | m.youtube.com | udp |
| GB | 142.250.200.46:443 | m.youtube.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 216.58.201.110:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | gstatic.com | udp |
| GB | 216.58.204.67:443 | gstatic.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | jnn-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | static.doubleclick.net | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.178.6:443 | static.doubleclick.net | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | mzedgwaftpreovl | udp |
| US | 1.1.1.1:53 | boczsqrioby | udp |
| US | 1.1.1.1:53 | ejtrhghesyltgz | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | m.youtube.com | udp |
| US | 1.1.1.1:53 | m.youtube.com | udp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.200.3:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 142.250.187.238:443 | play.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| BE | 74.125.71.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
Files
files/dom-0.html
| MD5 | 4c762e89c06f879abb6b1e4172b2ed11 |
| SHA1 | c7f3e6f0e61cf9ae98982ed833ae279cbd5f4cf8 |
| SHA256 | 54a93fe6494fe6971f6d0df3922a73ba3a2b2882a5002d31c02308912b17b6ca |
| SHA512 | 52e4b0549fa064a7f7e44bc9d843867ad51cbd897c705256a63c1682bde2165a3adf8640617df59b58c685badf3ad448f26d77de3fafae3d14a680c0da5690fe |
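The Network tables above are where a triager spends most time on a report like this, and three things in them deserve a closer look: hostnames that were resolved but never connected to, the dotless random-looking labels queried in every run (Chromium resolves three such names at startup to detect DNS wildcarding, so they are browser behaviour, not a sample contacting infrastructure), and connections on ports other than 80 and 443 (mDNS on 5353, and 5228, the port Google's mobile push service uses). The script below is an added example, not output or code from the sandbox: it parses rows in this report's pipe-delimited layout, repairs rows whose empty Domain cell shifted the protocol one column left, and produces those three lists. The sample rows are copied from the behavioral1 table; the function names, the 7-15 character random-label heuristic, and the "expected ports" list are this example's own assumptions.

```python
"""Triage helper for the Network tables in this report (added example, not tool output)."""
import re

# Constructed sample: a subset of rows from the behavioral1 Network table,
# including two rows with the shifted-protocol extraction artefact.
SAMPLE_ROWS = """\
| GB | 142.250.200.14:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | youtube.com | udp |
| GB | 142.250.180.14:80 | youtube.com | tcp |
| GB | 142.250.180.14:443 | youtube.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | ayqyqzdvj | udp |
| US | 1.1.1.1:53 | tsoydgwg | udp |
| US | 1.1.1.1:53 | qwexkzdxffbyxm | udp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| BE | 108.177.15.188:5228 | tcp | |
"""

PROTOS = {"tcp", "udp"}


def parse_row(line):
    """Return (country, ip, port, domain, proto), or None for header/blank lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, domain, proto = cells
    # Extraction artefact: when Domain was empty, the protocol landed in its cell.
    if domain in PROTOS and proto == "":
        domain, proto = "", domain
    ip, _, port = dest.rpartition(":")
    return country, ip, int(port), domain, proto


def parse_table(text):
    """Parse every data row of a pipe-delimited Network table."""
    return [r for r in (parse_row(l) for l in text.splitlines()) if r]


def is_random_label(name, min_len=7, max_len=15):
    """Heuristic (assumption): one lowercase dotless label of 7-15 characters,
    the shape of Chromium's startup DNS-wildcard probes."""
    return bool(re.fullmatch(r"[a-z]{%d,%d}" % (min_len, max_len), name))


def triage(rows, expected_ports=(80, 443)):
    """Split the table into DNS-only names, random probes and odd-port connections."""
    resolved, connected, odd_ports = set(), set(), []
    for _country, ip, port, domain, proto in rows:
        if proto == "udp" and port == 53:       # resolver query, not a connection
            resolved.add(domain)
            continue
        if domain:
            connected.add(domain)
        if port not in expected_ports:
            odd_ports.append((ip, port, proto))
    return {
        "dns_only": sorted(d for d in resolved - connected if not is_random_label(d)),
        "random_probes": sorted(d for d in resolved if is_random_label(d)),
        "odd_ports": odd_ports,
    }


if __name__ == "__main__":
    for key, value in triage(parse_table(SAMPLE_ROWS)).items():
        print(key, value)
```

On the sample rows this reports safebrowsing.googleapis.com as resolved but never connected to (a TLS connection to it may simply have been reused from an earlier run, or the lookup was a prefetch), the three random labels as probes, and the mDNS and 5228 connections as the only non-web ports. Paste a whole Network table from any of the three runs into SAMPLE_ROWS to get the same breakdown for that run.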