MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-29 14:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-29 14:47

Reported

2024-06-29 14:49

Platform

android-x86-arm-20240624-en

Max time kernel

39s

Max time network

38s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description	Indicator	Process	Target
File opened for read	/proc/cpuinfo	N/A	N/A

Checks memory information

Description	Indicator	Process	Target
File opened for read	/proc/meminfo	N/A	N/A

Processes

com.android.chrome

Network

Country	Destination	Domain	Proto
N/A	224.0.0.251:5353		udp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
US	1.1.1.1:53	pl-2906.com	udp
N/A	10.127.0.1:12000		tcp
US	104.21.84.29:443	pl-2906.com	tcp
US	104.21.84.29:443	pl-2906.com	tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
US	1.1.1.1:53	update.googleapis.com	udp
GB	172.217.16.227:443	update.googleapis.com	tcp
GB	142.250.200.46:443		tcp
US	1.1.1.1:53	android.apis.google.com	udp
GB	142.250.179.238:443	android.apis.google.com	tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-29 14:47

Reported

2024-06-29 14:51

Platform

android-x64-20240624-en

Max time kernel

116s

Max time network

156s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description	Indicator	Process	Target
File opened for read	/proc/cpuinfo	N/A	N/A

Checks memory information

Description	Indicator	Process	Target
File opened for read	/proc/meminfo	N/A	N/A

Processes

com.android.chrome

Network

Country	Destination	Domain	Proto
N/A	224.0.0.251:5353		udp
US	1.1.1.1:53	accounts.google.com	udp
BE	142.251.168.84:443	accounts.google.com	tcp
US	1.1.1.1:53	pl-2906.com	udp
US	172.67.185.97:443	pl-2906.com	tcp
US	172.67.185.97:443	pl-2906.com	tcp
US	1.1.1.1:53	a.nel.cloudflare.com	udp
US	35.190.80.1:443	a.nel.cloudflare.com	tcp
US	1.1.1.1:53	ssl.google-analytics.com	udp
GB	142.250.200.8:443	ssl.google-analytics.com	tcp
US	1.1.1.1:53	update.googleapis.com	udp
GB	172.217.169.3:443	update.googleapis.com	tcp
GB	142.250.200.46:443		tcp
US	1.1.1.1:53	android.apis.google.com	udp
GB	142.250.187.238:443	android.apis.google.com	tcp
GB	142.250.200.10:443		tcp
GB	142.250.187.228:443		tcp
GB	142.250.187.228:443		tcp

Files

files/dom-0.html

MD5	8b9649dba57b7c22f78b44104ed76be0
SHA1	e63e1cab05e5214a01d538b9bf60ecf3fa8ae7ed
SHA256	76114f7787e625ba1e595fd2c0923f50395a31262de886eb81c48fe4082f1740
SHA512	b2a8aae566b9934892a405d20b6b2e8e525f4cc7e0e833628c1aa1d4073587c718e8afb6bcc8d8b31753144ed978029c603866ccd51230f0962a41d7197ea10f

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-29 14:47

Reported

2024-06-29 14:51

Platform

android-x64-arm64-20240624-en

Max time kernel

124s

Max time network

132s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description	Indicator	Process	Target
File opened for read	/proc/cpuinfo	N/A	N/A

Checks memory information

Description	Indicator	Process	Target
File opened for read	/proc/meminfo	N/A	N/A

Processes

com.android.chrome

Network

Country	Destination	Domain	Proto
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	224.0.0.251:5353		udp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
GB	216.58.204.74:443		tcp
GB	216.58.204.74:443		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
N/A	10.127.0.1:12000		tcp
US	1.1.1.1:53	pl-2906.com	udp
US	1.1.1.1:53	accounts.google.com	udp
BE	74.125.206.84:443	accounts.google.com	tcp
US	1.1.1.1:53	pl-2906.com	udp
US	1.1.1.1:53	accounts.google.com	udp
BE	74.125.71.84:443	accounts.google.com	tcp
US	104.21.84.29:443	pl-2906.com	tcp
N/A	10.127.0.1:12000		tcp
US	1.1.1.1:53	ssl.google-analytics.com	udp
GB	142.250.187.200:443	ssl.google-analytics.com	tcp
US	1.1.1.1:53	a.nel.cloudflare.com	udp
US	35.190.80.1:443	a.nel.cloudflare.com	tcp
GB	142.250.187.206:443		tcp
GB	142.250.187.206:443		tcp
US	1.1.1.1:53	android.apis.google.com	udp
GB	216.58.212.238:443	android.apis.google.com	tcp
US	1.1.1.1:53	update.googleapis.com	udp
GB	216.58.212.195:443	update.googleapis.com	tcp
GB	142.250.179.228:443		tcp
GB	142.250.179.228:443		tcp
US	1.1.1.1:53	update.googleapis.com	udp
GB	172.217.16.227:443	update.googleapis.com	tcp

Files

files/dom-0.html

MD5	c35c4eee9ad65ede73fd777df538a910
SHA1	6d354652cb9bedb33c5c5283a62aa2b293764fac
SHA256	380bc7a5b1dc187917097a876cb9055e9a7f78ce14629ed4ac775eb36a17d0d3
SHA512	18bb3fadd423108c7b9b2e0a14f1d8b6897ee6ed31df515daed0aa722efb2e2ac6c49e4c6b219b0e8b4fa31b46d1c4245044f31f4bdd2b4ccd2954408bf0e9e3

Sample ID	240629-r593tszcnb
Target	https://pl-2906.com/
Tags

Malware Analysis Report

2024-07-28 09:12

Table of Contents

Analysis Overview

Threat Level: Known bad

Malicious Activity Summary

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files