Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
Verdict for https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 08:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 08:38
Reported
2024-06-11 08:40
Platform
android-x86-arm-20240603-en
Max time kernel
64s
Max time network
74s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | qrco.de | udp |
| GB | 108.138.233.57:443 | qrco.de | tcp |
| GB | 108.138.233.57:443 | qrco.de | tcp |
| US | 1.1.1.1:53 | postnord.se.help-nic.top | udp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 1.1.1.1:53 | postnord.se.help-nic.top | udp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.201.99:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 172.217.16.238:443 | clients1.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.10:443 | | tcp |
Files
files/dom-0.html
| MD5 | 76a6376780f005363487fc89bbeb18f7 |
| SHA1 | 4ef789942136dadcf05d06ef60e5ef45420cb632 |
| SHA256 | 52abe7e033dc553814cf785b4f899092b235d8ed46604b3c2774e544291c6f6b |
| SHA512 | 45127443cde8dbeb3742f1ac4090e51aae403646a69b7f0d08a4c8b5f6001a0dbaf795092dfda9aaa02b271170f915c82b3cf2bb03ff03806bf712d97e9e3c46 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 08:38
Reported
2024-06-11 08:42
Platform
android-x64-20240603-en
Max time kernel
174s
Max time network
185s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | qrco.de | udp |
| GB | 108.138.233.20:443 | qrco.de | tcp |
| GB | 108.138.233.20:443 | qrco.de | tcp |
| US | 1.1.1.1:53 | postnord.se.help-nic.top | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| GB | 142.250.180.10:443 | | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 1.1.1.1:53 | postnord.se.help-nic.top | udp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.179.238:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 172.217.169.78:443 | | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| GB | 172.217.169.10:443 | g.tenor.com | tcp |
Files
files/dom-0.html
| MD5 | 31ea30d993c1a9c9ac45d081ae51bd78 |
| SHA1 | 6eb2f5d7f2d016c368d292f2b23de08a93f3e7ab |
| SHA256 | 298f110f751c3dcb37ef3cb621019e215552e7664755e41d9944fb19695247c2 |
| SHA512 | aac8fd2d933f22a986c184df12f7b7ffb4ee77a298213de454dfd0f40bf33cf61d2b831bc9d134ba13d69c4b994c3e652aff7a3076175a4f95dfa1bc65e9881f |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-11 08:38
Reported
2024-06-11 08:42
Platform
android-x64-arm64-20240603-en
Max time kernel
176s
Max time network
186s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | qrco.de | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | qrco.de | udp |
| GB | 108.138.233.20:443 | qrco.de | tcp |
| US | 1.1.1.1:53 | postnord.se.help-nic.top | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.200.14:443 | clients1.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
| US | 43.153.122.221:443 | postnord.se.help-nic.top | tcp |
Files
files/dom-0.html
| MD5 | 7d30ac14e35c6eeacedecced77a33cf4 |
| SHA1 | 8f021d8b35b58ed46453bcf4d0055666bab109f6 |
| SHA256 | 1b9c7ec4d1a904842dcf0f6d98c460fed77ac385c4535d1e6766b47fda2979f2 |
| SHA512 | 9c5a53095a64521d64b54b041cbf532cdb2f550d201e42bf151040c4cd5413e9ca7c604362d4f7a4c310011b42ac98a8c192a799b8906b7a780c95571781c245 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-11 08:38
Reported
2024-06-11 08:41
Platform
macos-20240410-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://qrco.de/bf92Zi?kaR=fxzoeVOQKi?AlV=S3NgQR0z6t]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterB516C108/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.189.173.23:443 | | tcp |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| N/A | 224.0.0.251:5353 | | udp |