Malware Analysis Report

2024-10-10 07:22

Sample ID 240611-kj6d7a1fll
Target https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t
Tags
score
1/10


Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 08:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 08:38

Reported

2024-06-11 08:40

Platform

android-x86-arm-20240603-en

Max time kernel

64s

Max time network

74s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 76a6376780f005363487fc89bbeb18f7
SHA1 4ef789942136dadcf05d06ef60e5ef45420cb632
SHA256 52abe7e033dc553814cf785b4f899092b235d8ed46604b3c2774e544291c6f6b
SHA512 45127443cde8dbeb3742f1ac4090e51aae403646a69b7f0d08a4c8b5f6001a0dbaf795092dfda9aaa02b271170f915c82b3cf2bb03ff03806bf712d97e9e3c46

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 08:38

Reported

2024-06-11 08:42

Platform

android-x64-20240603-en

Max time kernel

174s

Max time network

185s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 31ea30d993c1a9c9ac45d081ae51bd78
SHA1 6eb2f5d7f2d016c368d292f2b23de08a93f3e7ab
SHA256 298f110f751c3dcb37ef3cb621019e215552e7664755e41d9944fb19695247c2
SHA512 aac8fd2d933f22a986c184df12f7b7ffb4ee77a298213de454dfd0f40bf33cf61d2b831bc9d134ba13d69c4b994c3e652aff7a3076175a4f95dfa1bc65e9881f

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 08:38

Reported

2024-06-11 08:42

Platform

android-x64-arm64-20240603-en

Max time kernel

176s

Max time network

186s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 7d30ac14e35c6eeacedecced77a33cf4
SHA1 8f021d8b35b58ed46453bcf4d0055666bab109f6
SHA256 1b9c7ec4d1a904842dcf0f6d98c460fed77ac385c4535d1e6766b47fda2979f2
SHA512 9c5a53095a64521d64b54b041cbf532cdb2f550d201e42bf151040c4cd5413e9ca7c604362d4f7a4c310011b42ac98a8c192a799b8906b7a780c95571781c245

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-11 08:38

Reported

2024-06-11 08:41

Platform

macos-20240410-en

Max time kernel

121s

Max time network

125s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterB516C108/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country Destination Domain Proto
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.189.173.23:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
N/A 224.0.0.251:5353 udp

Files

N/A