Malware Analysis Report

2024-10-16 05:30

Sample ID 240629-yf56xavamh
Target https://filetransfer.io/data-package/xi4ohFAi#link
Tags
Score: 1/10

Analysis Overview

Score: 1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://filetransfer.io/data-package/xi4ohFAi#link was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-29 19:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-29 19:44

Reported: 2024-06-29 19:45

Platform: ubuntu2204-amd64-20240611-en

Max time kernel: 0s

Max time network: 45s

Command Line

[firefox -new-tab https://filetransfer.io/data-package/xi4ohFAi#link]

Signatures

N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://filetransfer.io/data-package/xi4ohFAi#link]

Network

Files

N/A