Malware Analysis Report

2024-10-10 11:10

Sample ID 240614-vjexcasgnr
Target https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/FreeYoutubeDownloader.exe
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/FreeYoutubeDownloader.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary


Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 17:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 17:00

Reported

2024-06-14 17:02

Platform

ubuntu2404-amd64-20240523-en

Max time network

57s

Command Line

N/A

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
GB 20.26.156.215:443 github.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozorg.moz.works udp
GB 13.224.77.115:443 www.mozilla.org tcp
US 35.190.72.216:443 location.services.mozilla.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.188.166:443 spocs.getpocket.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 34.117.188.166:443 spocs.getpocket.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 img-getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 img-getpocket.cdn.mozilla.net udp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 52.33.96.36:443 shavar.services.mozilla.com tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 35.201.103.21:443 normandy.cdn.mozilla.net tcp
US 8.8.8.8:53 www.amazon.co.uk udp
US 8.8.8.8:53 www.amazon.co.uk udp
US 8.8.8.8:53 www.vodafone.co.uk udp
US 8.8.8.8:53 www.vodafone.co.uk udp
US 8.8.8.8:53 www-live.waf.digital-prod.vodafoneaws.co.uk udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 classify-client.services.mozilla.com udp
US 8.8.8.8:53 classify-client.services.mozilla.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 www.ebay.co.uk udp
US 34.98.75.36:443 classify-client.services.mozilla.com tcp
US 8.8.8.8:53 www.ebay.co.uk udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 bbc.map.fastly.net udp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 e11847.a.akamaiedge.net udp
US 8.8.8.8:53 getpocket.com udp
US 8.8.8.8:53 getpocket.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 www.wired.com udp
US 8.8.8.8:53 www.wired.com udp
US 8.8.8.8:53 edition.cnn.com udp
US 8.8.8.8:53 edition.cnn.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 h2.condenast.map.fastly.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 34.107.243.93:443 push.services.mozilla.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 sb-ssl.google.com udp
US 8.8.8.8:53 sb-ssl.google.com udp
GB 142.250.187.238:443 sb-ssl.google.com tcp
US 8.8.8.8:53 www.bbc.com udp
US 8.8.8.8:53 www.bbc.com udp
US 8.8.8.8:53 www.menshealth.com udp
US 8.8.8.8:53 www.menshealth.com udp
US 8.8.8.8:53 hearst-hdm.map.fastly.net udp
US 8.8.8.8:53 bbc.map.fastly.net udp
GB 142.250.187.238:443 sb-ssl.google.com udp
US 8.8.8.8:53 gizmodo.com udp
US 8.8.8.8:53 gizmodo.com udp
US 8.8.8.8:53 www.newyorker.com udp
US 8.8.8.8:53 www.newyorker.com udp
US 8.8.8.8:53 condenast.map.fastly.net udp
US 8.8.8.8:53 www.theguardian.com udp
US 8.8.8.8:53 www.theguardian.com udp
US 8.8.8.8:53 www.newstatesman.com udp
US 8.8.8.8:53 www.newstatesman.com udp
US 8.8.8.8:53 www.refinery29.com udp
US 8.8.8.8:53 www.refinery29.com udp
US 8.8.8.8:53 www.goodhousekeeping.com udp
US 8.8.8.8:53 www.goodhousekeeping.com udp
US 8.8.8.8:53 m.sni.global.fastly.net udp
US 8.8.8.8:53 hearst-hdm.map.fastly.net udp
US 8.8.8.8:53 www.spectator.co.uk udp
US 8.8.8.8:53 theconversation.com udp
US 8.8.8.8:53 theconversation.com udp
US 8.8.8.8:53 www.spectator.co.uk udp
US 8.8.8.8:53 www.vox.com udp
US 8.8.8.8:53 www.vox.com udp
US 8.8.8.8:53 n.sni.global.fastly.net udp
US 8.8.8.8:53 www.businessinsider.com udp
US 8.8.8.8:53 www.businessinsider.com udp
US 8.8.8.8:53 news.sky.com udp
US 8.8.8.8:53 news.sky.com udp
US 8.8.8.8:53 e10653.e12.akamaiedge.net udp
US 8.8.8.8:53 f.shared.global.fastly.net udp
US 8.8.8.8:53 www.womenshealthmag.com udp
US 8.8.8.8:53 www.womenshealthmag.com udp
US 8.8.8.8:53 www.gq.com udp
US 8.8.8.8:53 www.gq.com udp
US 8.8.8.8:53 hearst-hdm.map.fastly.net udp
US 8.8.8.8:53 www.timeout.com udp
US 8.8.8.8:53 www.timeout.com udp
US 8.8.8.8:53 www.huffingtonpost.co.uk udp
US 8.8.8.8:53 www.huffingtonpost.co.uk udp
US 8.8.8.8:53 buzzfeed2.map.fastly.net udp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 services.addons.mozilla.org udp
GB 18.172.89.104:443 services.addons.mozilla.org tcp
GB 18.172.89.104:443 services.addons.mozilla.org tcp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 34.160.90.233:443 versioncheck-bg.addons.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 34.160.90.233:443 versioncheck-bg.addons.mozilla.org udp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
GB 18.165.160.87:443 addons.mozilla.org tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
DE 23.53.40.162:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
GB 216.58.204.74:443 safebrowsing.googleapis.com tcp
GB 216.58.204.74:443 safebrowsing.googleapis.com udp

Files

N/A