Malware Analysis Report

2024-11-16 10:46

Sample ID 240603-jgchnahd99
Target http://youtube.com
Tags
discovery evasion collection
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file http://youtube.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion collection

Reads the content of photos stored on the user's device.

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 07:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 07:38

Reported

2024-06-03 08:08

Platform

android-x86-arm-20240514-en

Max time kernel

1822s

Max time network

1830s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 youtube.com udp
GB 142.250.180.14:80 youtube.com tcp
GB 142.250.180.14:80 youtube.com tcp
GB 142.250.180.14:443 youtube.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 m.youtube.com udp
GB 216.58.213.14:443 m.youtube.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com tcp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 gstatic.com udp
GB 142.250.187.227:443 gstatic.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.213.4:443 www.google.com tcp
US 1.1.1.1:53 jnn-pa.googleapis.com udp
US 1.1.1.1:53 static.doubleclick.net udp
GB 142.250.180.6:443 static.doubleclick.net tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 1.1.1.1:53 ayqyqzdvj udp
US 1.1.1.1:53 tsoydgwg udp
US 1.1.1.1:53 qwexkzdxffbyxm udp
US 1.1.1.1:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 216.58.213.4:443 www.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 suggestqueries-clients6.youtube.com udp
GB 216.58.201.110:443 suggestqueries-clients6.youtube.com tcp
GB 216.58.201.110:443 suggestqueries-clients6.youtube.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.200.10:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.179.227:80 clientservices.googleapis.com tcp
GB 172.217.16.228:443 tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.35:443 tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.35:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.169.3:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
GB 142.250.180.14:443 www.youtube.com tcp

Files

files/dom-0.html

MD5 5c887c50a5c4c2d2e0cde7aaf04bc50d
SHA1 1fb3d1c13113a14fe2a7fe2b658c302eee1d4b98
SHA256 ac55ae744138579d5f6f1bd60c5af92fcd9072836975ae9abcab36af5827997f
SHA512 eda23c2eac8951c110ee7aca8b316bd24f2d41c7fde3a8c9a4d3e86450fcaca922a5852b8ed827e2cfc5cfcbf24827f7f742ec5bd307fc26a58270144f4d7366

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 07:38

Reported

2024-06-03 08:09

Platform

android-x64-20240514-en

Max time kernel

1407s

Max time network

1793s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 youtube.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 142.251.5.84:443 accounts.google.com tcp
GB 142.250.179.238:80 youtube.com tcp
GB 142.250.179.238:80 youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.179.238:443 youtube.com tcp
GB 142.250.178.10:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com tcp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.213.4:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.213.3:443 update.googleapis.com tcp
US 1.1.1.1:53 jaafnhnyjlopq udp
US 1.1.1.1:53 efynsqptpmegdw udp
US 1.1.1.1:53 uwsdkkpfcvpoi udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 142.250.179.226:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.178.3:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 1.1.1.1:53 www.google.com udp
BE 66.102.1.188:5228 tcp
GB 142.250.187.228:443 www.google.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-03 07:38

Reported

2024-06-03 08:10

Platform

android-x64-arm64-20240514-en

Max time kernel

1808s

Max time network

1816s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 youtube.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 142.251.168.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 youtube.com udp
GB 142.250.180.14:80 youtube.com tcp
GB 142.250.180.14:443 youtube.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 m.youtube.com udp
GB 142.250.200.46:443 m.youtube.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 clients1.google.com udp
GB 216.58.201.110:443 clients1.google.com tcp
US 1.1.1.1:53 gstatic.com udp
GB 216.58.204.67:443 gstatic.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
US 1.1.1.1:53 jnn-pa.googleapis.com udp
US 1.1.1.1:53 static.doubleclick.net udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 142.250.178.6:443 static.doubleclick.net tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 mzedgwaftpreovl udp
US 1.1.1.1:53 boczsqrioby udp
US 1.1.1.1:53 ejtrhghesyltgz udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.35:443 update.googleapis.com tcp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 m.youtube.com udp
GB 142.250.179.226:443 tcp
GB 142.250.200.3:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 play.google.com udp
GB 142.250.187.238:443 play.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.187.206:443 www.youtube.com tcp

Files

files/dom-0.html

MD5 4c762e89c06f879abb6b1e4172b2ed11
SHA1 c7f3e6f0e61cf9ae98982ed833ae279cbd5f4cf8
SHA256 54a93fe6494fe6971f6d0df3922a73ba3a2b2882a5002d31c02308912b17b6ca
SHA512 52e4b0549fa064a7f7e44bc9d843867ad51cbd897c705256a63c1682bde2165a3adf8640617df59b58c685badf3ad448f26d77de3fafae3d14a680c0da5690fe