Malware Analysis Report

2025-01-19 07:50

Sample ID 240609-rksm2sca98
Target https://nodejs.org/en/blog/release/v17.1.0
Tags
Score 1/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral4
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 1/10

Threat Level: No (potentially) malicious behavior was detected

Verdict for the submitted target https://nodejs.org/en/blog/release/v17.1.0: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-09 14:15

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 14:15

Reported

2024-06-09 14:18

Platform

android-x64-arm64-20240603-en

Max time kernel

173s

Max time network

185s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination           Domain                           Proto
N/A      224.0.0.251:5353                                       udp
GB       142.250.179.238:443                                    tcp
GB       142.250.179.238:443                                    tcp
GB       216.58.212.234:443                                     tcp
GB       216.58.212.234:443                                     tcp
US       1.1.1.1:53            nodejs.org                       udp
US       1.1.1.1:53            accounts.google.com              udp
BE       74.125.71.84:443      accounts.google.com              tcp
US       1.1.1.1:53            accounts.google.com              udp
US       1.1.1.1:53            nodejs.org                       udp
BE       173.194.76.84:443     accounts.google.com              tcp
US       104.20.22.46:443      nodejs.org                       tcp
US       104.20.22.46:443      nodejs.org                       tcp
US       1.1.1.1:53            ssl.google-analytics.com         udp
GB       142.250.200.40:443    ssl.google-analytics.com         tcp
US       1.1.1.1:53            update.googleapis.com            udp
GB       142.250.200.3:443     update.googleapis.com            tcp
US       1.1.1.1:53            cloud.orama.run                  udp
US       104.21.75.8:443       cloud.orama.run                  tcp
US       1.1.1.1:53            a.nel.cloudflare.com             udp
US       35.190.80.1:443       a.nel.cloudflare.com             tcp
GB       142.250.179.228:443                                    tcp
GB       142.250.179.228:443                                    tcp
GB       142.250.179.228:443                                    tcp
GB       142.250.179.228:443                                    tcp
US       1.1.1.1:53            android.apis.google.com          udp
GB       142.250.187.238:443   android.apis.google.com          tcp
US       1.1.1.1:53            update.googleapis.com            udp
GB       142.250.187.227:443   update.googleapis.com            tcp
US       34.104.35.123:443     edgedl.me.gvt1.com               tcp
GB       142.250.178.14:80     dl.google.com                    tcp
US       1.1.1.1:53            redirector.gvt1.com              udp
GB       216.58.204.78:80      redirector.gvt1.com              tcp
US       1.1.1.1:53            r1---sn-5oxmp55u-8pxe.gvt1.com   udp
AT       144.208.213.44:80     r1---sn-5oxmp55u-8pxe.gvt1.com   tcp
US       1.1.1.1:53            r2---sn-5oxmp55u-8pxe.gvt1.com   udp
AT       144.208.213.45:80     r2---sn-5oxmp55u-8pxe.gvt1.com   tcp

Files

files/dom-0.html

MD5    48494c6a22e9b2b60418ec7062d823d0
SHA1   021211644d04b327804a34bd191a11855bf6acb6
SHA256 68395f472d13925f06771d17b2cd3c8feb9db348212a6ec3e5f2c237281e3648
SHA512 922cb1ef3650723ba90b917d55e6c96fbcf5b70c3bf4621ac7fe32dec7f63b97383f1f96b3cba5e43094f1d7e9732cd454fa72cace22e42357576f652c1629e5

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-09 14:15

Reported

2024-06-09 14:18

Platform

android-x86-arm-20240603-en

Max time kernel

117s

Max time network

184s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination           Domain                           Proto
N/A      224.0.0.251:5353                                       udp
US       1.1.1.1:53            nodejs.org                       udp
US       104.20.23.46:443      nodejs.org                       tcp
US       104.20.23.46:443      nodejs.org                       tcp
US       1.1.1.1:53            update.googleapis.com            udp
GB       142.250.187.195:443   update.googleapis.com            tcp
GB       142.250.187.206:443                                    tcp
US       1.1.1.1:53            android.apis.google.com          udp
GB       142.250.187.206:443   android.apis.google.com          tcp

Files

files/dom-0.html

MD5    e193e8d0c50ae594b350d1896920a967
SHA1   efd97446bb40561951e6b2d22c851dac5d3f0707
SHA256 ef2ed4201c80d861706e29062742f2fa000643322f1470c3d8fd66608a3fa694
SHA512 b53aa1d89d681aecf9e3b02ef88bb42bbe51ca46f92591941bdcfe115991d6829d80c9c38a2a239980b760789117d2839ca2b7e0f2f565bf5ebe53705e1160c3

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-09 14:15

Reported

2024-06-09 14:15

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 14:15

Reported

2024-06-09 14:19

Platform

android-x64-20240603-en

Max time kernel

143s

Max time network

243s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination           Domain                           Proto
N/A      224.0.0.251:5353                                       udp
US       1.1.1.1:53            android.apis.google.com          udp
GB       142.250.187.238:443   android.apis.google.com          tcp
US       1.1.1.1:53            accounts.google.com              udp
BE       108.177.15.84:443     accounts.google.com              tcp
US       1.1.1.1:53            accounts.google.com              udp
BE       74.125.71.84:443      accounts.google.com              tcp
US       1.1.1.1:53            nodejs.org                       udp
US       104.20.22.46:443      nodejs.org                       tcp
US       104.20.22.46:443      nodejs.org                       tcp
US       1.1.1.1:53            ssl.google-analytics.com         udp
GB       142.250.180.8:443     ssl.google-analytics.com         tcp
US       1.1.1.1:53            update.googleapis.com            udp
GB       172.217.169.35:443    update.googleapis.com            tcp
GB       142.250.178.4:443                                      tcp
GB       142.250.178.4:443                                      tcp
GB       142.250.178.4:443                                      tcp
GB       142.250.178.4:443                                      tcp
GB       172.217.169.46:443                                     tcp
GB       172.217.169.14:443                                     tcp
GB       142.250.200.34:443                                     tcp

Files

N/A