Malware Analysis Report

2024-10-19 11:27

Sample ID: 240606-3eed1sde6z
Target: http://SEXITS.FUN/?20507
Score: 10/10


Analysis Overview


Threat Level: Known bad

The file http://SEXITS.FUN/?20507 was found to be: Known bad.

Malicious Activity Summary

Checks CPU information
Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-06 23:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-06 23:25
Reported: 2024-06-06 23:30
Platform: android-x86-arm-20240603-en
Max time kernel: 115s
Max time network: 149s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           sexits.fun                udp
US       172.67.134.227:80    sexits.fun                tcp
US       172.67.134.227:80    sexits.fun                tcp
US       172.67.134.227:80    sexits.fun                tcp
US       172.67.134.227:80    sexits.fun                tcp
US       1.1.1.1:53           velvetromance.life        udp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
US       1.1.1.1:53           update.googleapis.com     udp
GB       142.250.187.227:443  update.googleapis.com     tcp
GB       216.58.204.78:443                              tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.179.238:443  android.apis.google.com   tcp
GB       216.58.212.202:443                             tcp

Files

files/dom-0.html

MD5     c4717edd82c5d262e99ea20cf30a3c66
SHA1    d4e3ad346d3ce9f332a1189578531a0a7d465a6a
SHA256  c5bf8ddca39b586027102acd2d1266d8a0de7b765d72a56fe06615b710626d5f
SHA512  9b44c5f104d2c1e92d8f4b4ef87a334d67b09962f45f6e2fa389f92de53b22718ee2737326f8a6fbbd49441969c55ce5c2305074a79c7df7985ab8dce3a5393d

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-06 23:25
Reported: 2024-06-06 23:30
Platform: android-x64-20240603-en
Max time kernel: 117s
Max time network: 143s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
GB       216.58.201.106:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       216.58.204.78:443    android.apis.google.com   tcp
US       1.1.1.1:53           accounts.google.com       udp
BE       64.233.166.84:443    accounts.google.com       tcp
US       1.1.1.1:53           sexits.fun                udp
US       104.21.25.235:80     sexits.fun                tcp
US       104.21.25.235:80     sexits.fun                tcp
US       104.21.25.235:80     sexits.fun                tcp
US       104.21.25.235:80     sexits.fun                tcp
US       1.1.1.1:53           velvetromance.life        udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
GB       216.58.213.8:443     ssl.google-analytics.com  tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
US       1.1.1.1:53                                     udp
GB       172.217.16.227:443   update.googleapis.com     tcp
GB       142.250.179.238:443                            tcp
GB       142.250.187.226:443                            tcp
GB       142.250.200.36:443                             tcp
GB       142.250.200.36:443                             tcp
GB       216.58.212.206:443                             tcp

Files

files/dom-0.html

MD5     f47118530324bfe8217f2b2c5a4c86e1
SHA1    d7832aaaf43ef67c21feee8620ae1b01db6d8ae1
SHA256  0bc637c3fdd9d5187642df2015d3994a60d33599159660d9187bbbc467c76291
SHA512  7f447b24ce8a4c2192c40013601ec3dafc34209a183c0002274c81fb4e9f7b5e2f8acd33015abbf177191bae69473122f082f4a4b04c57d4999f54373c4ffc83

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-06 23:25
Reported: 2024-06-06 23:30
Platform: android-x64-arm64-20240603-en
Max time kernel: 130s
Max time network: 167s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
GB       216.58.204.78:443                              tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       216.58.201.110:443   android.apis.google.com   tcp
US       1.1.1.1:53           sexits.fun                udp
US       1.1.1.1:53           accounts.google.com       udp
US       1.1.1.1:53           sexits.fun                udp
US       1.1.1.1:53           accounts.google.com       udp
US       172.67.134.227:80    sexits.fun                tcp
BE       64.233.166.84:443    accounts.google.com       tcp
US       172.67.134.227:80    sexits.fun                tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       216.58.212.232:443   ssl.google-analytics.com  tcp
US       1.1.1.1:53           velvetromance.life        udp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
US       1.1.1.1:53           update.googleapis.com     udp
GB       142.250.178.3:443    update.googleapis.com     tcp
GB       216.58.212.196:443                             tcp
GB       216.58.212.196:443                             tcp
US       1.1.1.1:53           update.googleapis.com     udp
GB       216.58.213.3:443     update.googleapis.com     tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp
CH       185.155.186.17:443   velvetromance.life        tcp

Files

files/dom-0.html

MD5     064b5ced173429ce3e979268845cbfc0
SHA1    c940658fffdda7b5fc55a7ea74bdd19de1cb708a
SHA256  eedc3add203a178d184dfe07bdde4add4aed1689d0db8239c1a0cbea23498674
SHA512  65281cd4a597fa197cc389325a610dbfe9f804196a022c8802c71f8bccc71987c7ad05807b9b7e1f2245f8cfd065dbdbad5ec735cc4d77daf7216a5d27a12806