Malware Analysis Report

2024-10-10 07:26

Sample ID 240614-sc9f9svhmh
Target http://spotifydownloader.com
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file http://spotifydownloader.com was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 14:59

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 14:59

Reported

2024-06-14 15:03

Platform

android-x64-20240611.1-en

Max time kernel

117s

Max time network

151s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
US 1.1.1.1:53 spotifydownloader.com udp
US 50.28.32.8:80 spotifydownloader.com tcp
US 50.28.32.8:80 spotifydownloader.com tcp
US 50.28.32.8:80 spotifydownloader.com tcp
US 1.1.1.1:53 ww1.spotifydownloader.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
DE 64.190.63.136:80 ww1.spotifydownloader.com tcp
DE 64.190.63.136:80 ww1.spotifydownloader.com tcp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 142.250.200.46:443 tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.2:443 tcp

Files

files/dom-0.html

MD5 27801ed820dc43290da0dbd5a8f9f40a
SHA1 477077731d28a8da2ba797bab14e930d2f5f8b01
SHA256 e8ca24fa4c9fbd5810c8a1b0524b01136a39504562d1a1bfb80ea6a886b905da
SHA512 5e808ebf3d74845e0b58f6a696c9689723474e3a3a756dd8a86954c82967c0d290ca54e60d1839d5ba48d256765e1b735d745dff7993c214c00bedd4d9a824ec

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 14:59

Reported

2024-06-14 15:03

Platform

android-x64-arm64-20240611.1-en

Max time kernel

124s

Max time network

140s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.212.234:443 tcp
GB 216.58.212.234:443 tcp
US 1.1.1.1:53 spotifydownloader.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 spotifydownloader.com udp
BE 142.250.110.84:443 accounts.google.com tcp
US 50.28.32.8:80 spotifydownloader.com tcp
US 50.28.32.8:80 spotifydownloader.com tcp
US 50.28.32.8:80 spotifydownloader.com tcp
US 1.1.1.1:53 ww1.spotifydownloader.com udp
DE 64.190.63.136:80 ww1.spotifydownloader.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
DE 64.190.63.136:80 ww1.spotifydownloader.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.179.227:443 update.googleapis.com tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
DE 64.190.63.136:80 ww1.spotifydownloader.com tcp
DE 64.190.63.136:80 ww1.spotifydownloader.com tcp
DE 64.190.63.136:80 ww1.spotifydownloader.com tcp

Files

files/dom-0.html

MD5 27801ed820dc43290da0dbd5a8f9f40a
SHA1 477077731d28a8da2ba797bab14e930d2f5f8b01
SHA256 e8ca24fa4c9fbd5810c8a1b0524b01136a39504562d1a1bfb80ea6a886b905da
SHA512 5e808ebf3d74845e0b58f6a696c9689723474e3a3a756dd8a86954c82967c0d290ca54e60d1839d5ba48d256765e1b735d745dff7993c214c00bedd4d9a824ec

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 14:59

Reported

2024-06-14 15:01

Platform

android-x86-arm-20240611.1-en

Max time kernel

45s

Max time network

42s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 spotifydownloader.com udp
US 50.28.32.8:80 spotifydownloader.com tcp
US 50.28.32.8:80 spotifydownloader.com tcp
US 50.28.32.8:80 spotifydownloader.com tcp
US 1.1.1.1:53 ww1.spotifydownloader.com udp
DE 64.190.63.136:80 ww1.spotifydownloader.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp

Files

N/A