Malware Analysis Report

2025-01-19 07:51

Sample ID 240608-w2tnwsfb99
Target https://onelink.shein.com/2/3pzcq5sdnah7
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://onelink.shein.com/2/3pzcq5sdnah7 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-08 18:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 18:25

Reported

2024-06-08 18:57

Platform

android-x86-arm-20240603-en

Max time kernel

1769s

Max time network

1829s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 224.0.0.251:5353 udp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
N/A 10.127.0.1:12000 tcp
US 1.1.1.1:53 onelink.shein.com udp
N/A 10.127.0.1:12000 tcp
US 1.1.1.1:53 onelink.shein.com udp
US 172.64.151.183:443 onelink.shein.com tcp
US 172.64.151.183:443 onelink.shein.com tcp
US 172.64.151.183:443 onelink.shein.com tcp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 172.217.169.10:443 tcp
US 1.1.1.1:53 onelink.shein.com udp
GB 142.250.179.227:80 tcp
GB 142.250.179.228:443 tcp
GB 172.217.16.226:443 tcp
GB 142.250.200.35:443 tcp
GB 172.217.169.14:443 tcp
GB 142.250.200.35:443 tcp
GB 172.217.169.14:443 tcp
GB 142.250.200.35:443 tcp
GB 142.250.200.35:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.213.3:443 update.googleapis.com tcp
US 1.1.1.1:53 onelink.shein.com udp
US 1.1.1.1:53 onelink.shein.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 onelink.shein.com udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 onelink.shein.com udp
US 1.1.1.1:53 onelink.shein.com udp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 142.250.200.14:443 tcp

Files

files/dom-0.html

MD5 f6d3cf087bcb075a65c3302ca9216405
SHA1 cfbbe83c7a4659cc66280516639ad29957cbaed8
SHA256 9f2fb14e0962b47ecb4f682378631546eebcd3ec48296762a645228af5a0b0cd
SHA512 9fd970ae6fc59efe33905d2b324c91e7125bee5a4a8eb1355791ff6c079dce2b6b61b39ee903c86935da15b0b847b62f193892a902a7e027c54188ee8bfebeb0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 18:25

Reported

2024-06-08 18:57

Platform

android-x64-20240603-en

Max time kernel

1807s

Max time network

1788s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com tcp
US 1.1.1.1:53 onelink.shein.com udp
US 172.64.151.183:443 onelink.shein.com tcp
US 172.64.151.183:443 onelink.shein.com tcp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 104.17.2.184:443 challenges.cloudflare.com tcp
GB 142.250.187.238:443 android.apis.google.com tcp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.178.3:443 update.googleapis.com tcp
US 1.1.1.1:53 clients1.google.com udp
GB 216.58.201.110:443 clients1.google.com tcp
US 1.1.1.1:53 m.shein.com udp
US 1.1.1.1:53 sheinh5.ltwebstatic.com udp
US 1.1.1.1:53 img.ltwebstatic.com udp
US 104.18.41.207:443 img.ltwebstatic.com tcp
US 104.18.41.207:443 img.ltwebstatic.com tcp
US 104.18.41.207:443 img.ltwebstatic.com tcp
US 104.18.41.207:443 img.ltwebstatic.com tcp
US 104.18.41.207:443 img.ltwebstatic.com tcp
US 104.18.41.207:443 img.ltwebstatic.com tcp
US 104.18.41.207:443 img.ltwebstatic.com tcp
US 1.1.1.1:53 imgholder.ltwebstatic.com udp
US 1.1.1.1:53 www.srmdata-eur.com udp
DE 35.207.175.7:443 www.srmdata-eur.com tcp
DE 35.207.175.7:443 www.srmdata-eur.com tcp
DE 35.207.175.7:443 www.srmdata-eur.com tcp
US 1.1.1.1:53 play.google.com udp
GB 142.250.180.14:443 play.google.com tcp
GB 142.250.180.14:443 play.google.com tcp
US 1.1.1.1:53 i.ytimg.com udp
US 1.1.1.1:53 play-lh.googleusercontent.com udp
US 1.1.1.1:53 ssl.gstatic.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 play-lh.googleusercontent.com tcp
GB 216.58.204.86:443 play-lh.googleusercontent.com tcp
GB 216.58.204.86:443 play-lh.googleusercontent.com tcp
GB 216.58.204.86:443 play-lh.googleusercontent.com tcp
GB 216.58.204.86:443 play-lh.googleusercontent.com tcp
GB 216.58.204.86:443 play-lh.googleusercontent.com tcp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 172.217.169.14:443 tcp
GB 142.250.200.34:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 payments.google.com udp
US 1.1.1.1:53 apis.google.com udp
BE 142.250.110.92:443 payments.google.com tcp
GB 142.250.200.46:443 apis.google.com tcp
US 1.1.1.1:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
GB 172.217.169.46:443 tcp
GB 142.250.200.35:443 tcp
GB 142.250.200.35:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
BE 173.194.76.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 play.google.com udp
GB 142.250.180.14:443 play.google.com tcp

Files

files/dom-0.html

MD5 b2cdd7044fb4cb85d5a9b019bfed364b
SHA1 c2bb4341eef60006542501a2c315da34bfda5a85
SHA256 746d6d38e3940b0c7edceea9cc67b02be4ccace52d8a9774760fb5401eb0018d
SHA512 a6c018874319aebc7c68455f02432ddd746e65bad356b1ee6b471fd73b4a76bbcd20e1c92aff4f8ea1a51ee05cef81d212359ac7a9512ac10b925d822705c7bf

files/dom-1.html

MD5 26f8000aa46c7b9fbb036189f70444d8
SHA1 ed40cb718894e74f6d17e0efa7eacd6f2a00a698
SHA256 4255494adb46065c8120319b1dad6e95195ce0e48e07c2713c495591a43784f9
SHA512 151172a12298e66f5da87d289dc879874d19808c0938d745f3cf1b39290b37ca006df9483366c857630333d2a2afbba1fbf54566f3730b5ad3051aa1e6e6c413

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-08 18:25

Reported

2024-06-08 18:57

Platform

android-x64-arm64-20240603-en

Max time kernel

1820s

Max time network

1833s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
GB 142.250.200.42:443 tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 onelink.shein.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 onelink.shein.com udp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
US 1.1.1.1:53 onelink.shein.com udp
US 104.18.36.73:443 onelink.shein.com tcp
US 104.18.36.73:443 onelink.shein.com tcp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.187.206:443 clients1.google.com tcp
US 1.1.1.1:53 m.shein.com udp
US 1.1.1.1:53 sheinh5.ltwebstatic.com udp
US 172.64.146.49:443 sheinh5.ltwebstatic.com tcp
US 172.64.146.49:443 sheinh5.ltwebstatic.com tcp
US 172.64.146.49:443 sheinh5.ltwebstatic.com tcp
US 172.64.146.49:443 sheinh5.ltwebstatic.com tcp
US 172.64.146.49:443 sheinh5.ltwebstatic.com tcp
US 172.64.146.49:443 sheinh5.ltwebstatic.com tcp
US 1.1.1.1:53 img.ltwebstatic.com udp
US 1.1.1.1:53 www.srmdata-eur.com udp
DE 35.207.175.7:443 www.srmdata-eur.com tcp
DE 35.207.175.7:443 www.srmdata-eur.com tcp
US 172.64.146.49:443 img.ltwebstatic.com tcp
US 1.1.1.1:53 imgholder.ltwebstatic.com udp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
US 1.1.1.1:53 sheinh5.ltwebstatic.com udp
US 1.1.1.1:53 m.shein.com udp
US 1.1.1.1:53 sheinh5.ltwebstatic.com udp
GB 142.250.187.194:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
BE 74.125.133.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 172.217.169.78:443 tcp

Files

files/dom-0.html

MD5 a5eeb74e74983283819883ed7b5b3e32
SHA1 b39324644de913ef7a0665f567341f7873e7e436
SHA256 9739987df8bc1096524b7332d81bbbf32ae76d8cb701916b111e330c5a85b433
SHA512 04e0964773d6ef26eb583e77f85a90f82a6a78ca0f91c08ad9536526272868c848c5840f0228381951a86973da98d3a1d38ba3970eeb2df12c6380d1a1e76943