Malware Analysis Report

2025-01-19 07:48

Sample ID: 240611-wbxymavhqk
Target: https://arras.io/#epp
Score: 1/10


Analysis Overview

Score: 1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://arras.io/#epp was analyzed; no (potentially) malicious behavior was detected.

Malicious Activity Summary

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-11 17:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 17:45
Reported: 2024-06-11 17:47
Platform: android-x86-arm-20240611-en
Max time kernel: 91s
Max time network: 89s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 9e0362042a5bdea037cce70681da5ca1
SHA1 292a9d28002179b801fd4724099c4a2828ee14ac
SHA256 dc8db9431be28575f80cac6417e105e3776bd250118f20040728b503d572c884
SHA512 20ad282507d624b4e0ca75f5a2b08bb6d29f473fe7f1a4ca0a95e10ba30fdd049e0b0586a067e521202048d940a7ad40eb33dee4e08eeda4835e65c4c17417d4