Malware Analysis Report

2024-11-15 05:20

Sample ID 240617-ewb38ateqg
Target https://angledent.world/04b1a3def40f3a8232b06e1d605dde56
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://angledent.world/04b1a3def40f3a8232b06e1d605dde56 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 04:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 04:17

Reported

2024-06-17 04:17

Platform

ubuntu2404-amd64-20240523-en

Max time network

38s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozorg.moz.works udp
ES 18.154.37.188:443 www.mozilla.org tcp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
BE 2.17.107.186:80 r11.o.lencr.org tcp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 angledent.world udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 35.190.72.216:443 location.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 r10.o.lencr.org udp
BE 2.17.107.153:80 r10.o.lencr.org tcp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 8.8.8.8:53 www.angledent.world udp
US 8.8.8.8:53 www.angledent.world udp
US 8.8.8.8:53 www.angledent.world udp
US 8.8.8.8:53 www.angledent.world udp
US 8.8.8.8:53 www.angledent.world udp
US 8.8.8.8:53 www.angledent.world udp
US 8.8.8.8:53 www.angledent.world udp
US 8.8.8.8:53 www.angledent.world udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 44.232.194.163:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 img-getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 img-getpocket.cdn.mozilla.net udp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
BE 2.17.107.153:80 r10.o.lencr.org tcp
BE 2.17.107.186:80 r10.o.lencr.org tcp
BE 2.17.107.186:80 r10.o.lencr.org tcp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
BE 2.17.107.186:80 r10.o.lencr.org tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 getpocket.com udp
US 8.8.8.8:53 getpocket.com udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 www.bbc.com udp
US 8.8.8.8:53 www.bbc.com udp
US 8.8.8.8:53 nautil.us udp
US 8.8.8.8:53 nautil.us udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 bbc.map.fastly.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
BE 2.17.107.153:80 r10.o.lencr.org tcp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 34.117.188.166:443 spocs.getpocket.com tcp
BE 2.17.107.153:80 r10.o.lencr.org tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 www.amazon.co.uk udp
US 8.8.8.8:53 www.amazon.co.uk udp
US 8.8.8.8:53 www.vodafone.co.uk udp
US 8.8.8.8:53 www.vodafone.co.uk udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 www.ebay.co.uk udp
US 8.8.8.8:53 www.ebay.co.uk udp
US 8.8.8.8:53 www-live.waf.digital-prod.vodafoneaws.co.uk udp
US 8.8.8.8:53 e11847.a.akamaiedge.net udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 getpocket.com udp
US 8.8.8.8:53 bbc.map.fastly.net udp
ES 18.154.37.188:443 www.mozilla.org tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
US 35.201.103.21:443 normandy.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 classify-client.services.mozilla.com udp
US 8.8.8.8:53 classify-client.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 foundation.mozilla.org udp
US 8.8.8.8:53 foundation.mozilla.org udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp
US 34.107.243.93:443 push.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 1.1.1.1:53 getpocket.com udp
US 1.1.1.1:53 reddit.map.fastly.net udp
US 1.1.1.1:53 e11847.a.akamaiedge.net udp
US 1.1.1.1:53 bbc.map.fastly.net udp
US 1.1.1.1:53 www.theverge.com udp
US 1.1.1.1:53 variety.com udp
US 1.1.1.1:53 variety.com udp
US 1.1.1.1:53 n.sni.global.fastly.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 1.1.1.1:53 classify-client.services.mozilla.com udp
US 1.1.1.1:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
US 34.98.75.36:443 classify-client.services.mozilla.com tcp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 1.1.1.1:53 foundation.mozilla.org udp
US 1.1.1.1:53 foundation.mozilla.org udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 1.1.1.1:53 www.hellofresh.co.uk udp
US 1.1.1.1:53 www.politico.eu udp
US 1.1.1.1:53 www.politico.eu udp
US 1.1.1.1:53 www.hellofresh.co.uk.cdn.cloudflare.net udp
US 1.1.1.1:53 aus5.mozilla.org udp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 1.1.1.1:53 fp2e7a.wpc.phicdn.net udp
US 1.1.1.1:53 apnews.com udp
US 1.1.1.1:53 time.com udp
US 1.1.1.1:53 apnews.com udp
US 1.1.1.1:53 time.com udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 www.fastcompany.com udp
US 8.8.8.8:53 dualstack.guardian.map.fastly.net udp
US 8.8.8.8:53 mansueto.map.fastly.net udp
US 8.8.8.8:53 www.gq-magazine.co.uk udp
US 8.8.8.8:53 psyche.co udp
US 8.8.8.8:53 psyche.co udp
US 8.8.8.8:53 www.gq-magazine.co.uk udp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp

Files

N/A