Malware Analysis Report

2025-01-19 07:51

Sample ID 240608-wx6gwsfb25
Target https://replit.com/@Mthh/Shein-bot%23config.json
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://replit.com/@Mthh/Shein-bot%23config.json was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-08 18:19

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 18:19

Reported

2024-06-08 18:46

Platform

android-x64-20240603-en

Max time kernel

1221s

Max time network

1226s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 1.1.1.1:53 replit.com udp
US 172.64.145.106:443 replit.com tcp
US 172.64.145.106:443 replit.com tcp
US 1.1.1.1:53 challenges.cloudflare.com udp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.179.238:443 tcp
GB 142.250.187.226:443 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
GB 216.58.212.206:443 tcp
US 1.1.1.1:53 replit.com udp
GB 172.217.16.227:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.213.3:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 replit.com udp
US 1.1.1.1:53 replit.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp

Files

files/dom-0.html

MD5 8855ca3537707332d77b6a149689e795
SHA1 b985c15001ebe2c6e6dfbb65498e01d3be6d4bac
SHA256 556d0bf7e53807aeb40486ed9fde3009e74dc912582f0b856dffa50ff689c9c9
SHA512 cbe8db5c28329ec1bcf85918e7d43873926616b2f9ba63464699d109669083b081db7417e94b7e160ac37baf74cdba166ae1c380efd6505d6259e834bf7f9a22

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-08 18:19

Reported

2024-06-08 18:47

Platform

android-x64-arm64-20240603-en

Max time kernel

1229s

Max time network

1238s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 replit.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 replit.com udp
BE 74.125.71.84:443 accounts.google.com tcp
US 104.18.42.150:443 replit.com tcp
US 1.1.1.1:53 polyfill-fastly.io udp
US 1.1.1.1:53 sp.replit.com udp
US 1.1.1.1:53 cdn.replit.com udp
US 172.64.145.106:443 cdn.replit.com tcp
US 1.1.1.1:53 polyfill-fastly.io udp
US 151.101.1.91:443 polyfill-fastly.io tcp
US 35.224.251.249:443 sp.replit.com tcp
US 104.18.42.150:443 cdn.replit.com tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 js.hcaptcha.com udp
US 104.19.230.21:443 js.hcaptcha.com tcp
US 1.1.1.1:53 o1151714.ingest.sentry.io udp
US 34.120.195.249:443 o1151714.ingest.sentry.io tcp
US 1.1.1.1:53 js.stripe.com udp
US 1.1.1.1:53 app.launchdarkly.com udp
US 151.101.128.176:443 js.stripe.com tcp
US 151.101.130.217:443 app.launchdarkly.com tcp
US 151.101.130.217:443 app.launchdarkly.com tcp
US 1.1.1.1:53 cdn.segment.com udp
GB 143.204.179.196:443 cdn.segment.com tcp
US 1.1.1.1:53 clientstream.launchdarkly.com udp
US 13.248.151.210:443 clientstream.launchdarkly.com tcp
GB 143.204.179.196:443 cdn.segment.com tcp
US 1.1.1.1:53 api.stripe.com udp
US 1.1.1.1:53 identitytoolkit.googleapis.com udp
IE 34.240.123.193:443 api.stripe.com tcp
GB 142.250.187.202:443 identitytoolkit.googleapis.com tcp
US 1.1.1.1:53 apis.google.com udp
US 35.224.251.249:443 sp.replit.com tcp
US 151.101.128.176:443 js.stripe.com tcp
US 1.1.1.1:53 r.stripe.com udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
US 1.1.1.1:53 apis.google.com udp
GB 216.58.204.78:443 apis.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 173.194.76.155:443 stats.g.doubleclick.net tcp
US 1.1.1.1:53 r.stripe.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.187.206:443 clients1.google.com tcp
US 1.1.1.1:53 m.stripe.network udp
US 1.1.1.1:53 r.stripe.com udp
US 54.186.23.98:443 r.stripe.com tcp
US 54.186.23.98:443 r.stripe.com tcp
US 54.186.23.98:443 r.stripe.com tcp
US 1.1.1.1:53 m.stripe.com udp
US 54.213.45.60:443 m.stripe.com tcp
US 54.213.45.60:443 m.stripe.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
US 1.1.1.1:53 reachability.replit.app udp
US 34.117.33.233:443 reachability.replit.app tcp
US 1.1.1.1:53 dotdevproxy.kirk.replit.dev udp
US 35.247.106.28:443 dotdevproxy.kirk.replit.dev tcp
US 1.1.1.1:53 dotdevproxy.spock.replit.dev udp
US 34.82.58.13:443 dotdevproxy.spock.replit.dev tcp
US 1.1.1.1:53 logs.browser-intake-datadoghq.com udp
US 3.233.158.24:443 logs.browser-intake-datadoghq.com tcp
US 1.1.1.1:53 dotdevproxy.kirk.repl.co udp
US 35.247.106.28:443 dotdevproxy.kirk.repl.co tcp
US 35.247.106.28:443 dotdevproxy.kirk.repl.co tcp
US 1.1.1.1:53 dotdevproxy.spock.repl.co udp
US 34.82.58.13:443 dotdevproxy.spock.repl.co tcp
US 34.82.58.13:443 dotdevproxy.spock.repl.co tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 replit.com udp
GB 172.217.16.226:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

files/dom-0.html

MD5 ef021e530e917741458a974416470a78
SHA1 b518d7ecd4b928c43bc8447c5aedf3bc5bdb647b
SHA256 8e68ed120d068b552b391624e8cc3520794f9b6942a4c1117bfc73f734944fe3
SHA512 5b2d0389d89f0c35d0104303286fc9c7bbb6ba47a5d77dd3a7b06270f397e513b2d0784cba8e779f3826c6d1cb248e1e7249e2080bb6c63d64736232cc368270

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 18:19

Reported

2024-06-08 18:46

Platform

android-x86-arm-20240603-en

Max time kernel

25s

Max time network

1075s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 replit.com udp
US 104.18.42.150:443 replit.com tcp
US 104.18.42.150:443 replit.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.169.74:443 tcp
GB 172.217.169.74:443 tcp
GB 142.250.187.227:80 tcp
GB 142.250.179.228:443 tcp
GB 172.217.16.226:443 tcp
GB 142.250.180.3:443 tcp
GB 172.217.169.46:443 tcp
GB 142.250.180.3:443 tcp
GB 172.217.169.46:443 tcp
GB 142.250.180.3:443 tcp
GB 142.250.180.3:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

N/A