Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://replit.com/@Mthh/Shein-bot%23config.json was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-08 18:19
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-08 18:19
Reported
2024-06-08 18:46
Platform
android-x64-20240603-en
Max time kernel
1221s
Max time network
1226s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| MD5 | 8855ca3537707332d77b6a149689e795 |
| SHA1 | b985c15001ebe2c6e6dfbb65498e01d3be6d4bac |
| SHA256 | 556d0bf7e53807aeb40486ed9fde3009e74dc912582f0b856dffa50ff689c9c9 |
| SHA512 | cbe8db5c28329ec1bcf85918e7d43873926616b2f9ba63464699d109669083b081db7417e94b7e160ac37baf74cdba166ae1c380efd6505d6259e834bf7f9a22 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-08 18:19
Reported
2024-06-08 18:47
Platform
android-x64-arm64-20240603-en
Max time kernel
1229s
Max time network
1238s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| MD5 | ef021e530e917741458a974416470a78 |
| SHA1 | b518d7ecd4b928c43bc8447c5aedf3bc5bdb647b |
| SHA256 | 8e68ed120d068b552b391624e8cc3520794f9b6942a4c1117bfc73f734944fe3 |
| SHA512 | 5b2d0389d89f0c35d0104303286fc9c7bbb6ba47a5d77dd3a7b06270f397e513b2d0784cba8e779f3826c6d1cb248e1e7249e2080bb6c63d64736232cc368270 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-08 18:19
Reported
2024-06-08 18:46
Platform
android-x86-arm-20240603-en
Max time kernel
25s
Max time network
1075s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network