Analysis Overview
Threat Level: Known bad
The file https://inpostqpl.fit/pl was found to be: Known bad.
Malicious Activity Summary
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-29 03:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-29 03:50
Reported
2024-06-29 03:53
Platform
android-x86-arm-20240624-en
Max time kernel
116s
Max time network
130s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | inpostqpl.fit | udp |
| US | 104.21.14.47:443 | inpostqpl.fit | tcp |
| US | 104.21.14.47:443 | inpostqpl.fit | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.201.106:443 | | tcp |
Files
files/dom-0.html
| MD5 | f58ba60c0f6daa4349e52a19e011dd41 |
| SHA1 | 0bc90baf45ca118f3bb364fc679626cf87868cbb |
| SHA256 | 377e7c5f71c1708301c02fc0dfb2ed8048c5b45bb212e78d25a46845691f8f10 |
| SHA512 | 57e2a662d72238fad422843af52f35d91d0b3f5ddf53c0ae61e41cef359a71fe18b1194debd0b4e763c3f972e6c0eaf7c7e9ec6940c741e1c8345b9d04f76156 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-29 03:50
Reported
2024-06-29 03:54
Platform
android-x64-20240624-en
Max time kernel
116s
Max time network
165s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | inpostqpl.fit | udp |
| US | 172.67.157.190:443 | inpostqpl.fit | tcp |
| US | 172.67.157.190:443 | inpostqpl.fit | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.179.234:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
Files
files/dom-0.html
| MD5 | 7309a051af3041075b631ad5fbadb93f |
| SHA1 | 2b55811c6b76b47bb8aa774c1f8d254673926d27 |
| SHA256 | 3ad923abb117641bec6c793cb394b2a6eb1edd6e06d6d50a7ef6ddb956faccfe |
| SHA512 | e82dfff1cb3bb2567ab78f6b6d5e865e58597ffeb6761e51a543ef395aabaa0939b957ad9ba7fbb3305eb30fb2c3f3354f07db24206f106c94f8d36334ec611c |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-29 03:50
Reported
2024-06-29 03:54
Platform
android-x64-arm64-20240624-en
Max time kernel
144s
Max time network
133s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.74:443 | | tcp |
| GB | 172.217.169.74:443 | | tcp |
| US | 1.1.1.1:53 | inpostqpl.fit | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | inpostqpl.fit | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 172.67.157.190:443 | inpostqpl.fit | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
Files
files/dom-0.html
| MD5 | ca5c1a4432579ecdd2a6f620d469a459 |
| SHA1 | 72a00f70867f230f03847cbe21aefcc896948315 |
| SHA256 | b5a9b2ef02107103983fc35eacb5af972cbd7adba8ca8d9cdb125cca27a173db |
| SHA512 | 2ad35983a2e858899368dae275129f2403427a607acf72a65e7f075043b8f2adf71a87892aca2c6cddfb7e3eba11c7b22fce7f95b7c1343f5c808c2b1310351e |