Malware Analysis Report

2024-11-15 05:20

Sample ID 240617-esth4atdpd
Target https://dermond-holding.com/prorevolutionist.php
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://dermond-holding.com/prorevolutionist.php was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 04:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 04:12

Reported

2024-06-17 04:13

Platform

ubuntu2404-amd64-20240523-en

Max time network

62s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.reddit.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 dermond-holding.com udp
US 1.1.1.1:53 dermond-holding.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 www.reddit.com udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.reddit.com udp
US 1.1.1.1:53 twitter.com udp
US 1.1.1.1:53 twitter.com udp
US 1.1.1.1:53 www.amazon.com udp
US 1.1.1.1:53 www.facebook.com udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.wikipedia.org udp
US 1.1.1.1:53 www.wikipedia.org udp
US 1.1.1.1:53 www.amazon.com udp
US 1.1.1.1:53 www.facebook.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 dermond-holding.com udp
US 1.1.1.1:53 dermond-holding.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.facebook.com udp
US 1.1.1.1:53 www.facebook.com udp
US 1.1.1.1:53 twitter.com udp
US 1.1.1.1:53 twitter.com udp
US 1.1.1.1:53 www.amazon.com udp
US 1.1.1.1:53 www.amazon.com udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.wikipedia.org udp
US 1.1.1.1:53 www.wikipedia.org udp
US 1.1.1.1:53 www.reddit.com udp
US 1.1.1.1:53 www.reddit.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 www.facebook.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 twitter.com udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 www.amazon.com udp
US 1.1.1.1:53 aus5.mozilla.org udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 twitter.com udp
US 1.1.1.1:53 www.facebook.com udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 www.facebook.com udp
US 1.1.1.1:53 www.wikipedia.org udp
US 1.1.1.1:53 dermond-holding.com udp
US 1.1.1.1:53 dermond-holding.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 aus5.mozilla.org udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 www.wikipedia.org udp
US 1.1.1.1:53 www.reddit.com udp
US 1.1.1.1:53 www.amazon.com udp
US 1.1.1.1:53 www.reddit.com udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 8.8.8.8:53 dermond-holding.com udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 tcp

Files

N/A