Malware Analysis Report

2025-01-19 02:12

Sample ID 241130-qmw8ksvmbz
Target http://rastreo-interrapidisimo.co
Score 10/10

Analysis Overview

Score 10/10

Threat Level: Known bad

The file http://rastreo-interrapidisimo.co was found to be: Known bad.

Malicious Activity Summary

Checks CPU information
Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-30 13:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-30 13:23

Reported

2024-11-30 13:26

Platform

android-x86-arm-20240624-en

Max time kernel

121s

Max time network

138s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination          Domain                      Proto
N/A      224.0.0.251:5353                                 udp
US       1.1.1.1:53           rastreo-interrapidisimo.co  udp
US       104.21.67.60:80      rastreo-interrapidisimo.co  tcp
US       104.21.67.60:80      rastreo-interrapidisimo.co  tcp
US       1.1.1.1:53           www.cloudflare.com          udp
US       1.1.1.1:53           update.googleapis.com       udp
GB       172.217.169.3:443    update.googleapis.com       tcp
GB       216.58.204.78:443                                tcp
US       1.1.1.1:53           android.apis.google.com     udp
GB       142.250.200.46:443   android.apis.google.com     tcp
GB       142.250.179.234:443                              tcp
US       104.21.67.60:80      rastreo-interrapidisimo.co  tcp
US       104.21.67.60:80      rastreo-interrapidisimo.co  tcp
US       104.21.67.60:443     rastreo-interrapidisimo.co  tcp
US       104.21.67.60:443     rastreo-interrapidisimo.co  tcp
US       1.1.1.1:53           www.herokucdn.com           udp
GB       18.245.218.95:443    www.herokucdn.com           tcp

Files

files/dom-0.html

MD5     9c50eab5c448548b797f1a34a6f8cff7
SHA1    bbf0d53511ddfe67bf8d0ee225482a0123b8650f
SHA256  9ad10ef1aa4feb9ced6bf0d1da15d387372832ad3c23a5ad545a8bb4f020b05c
SHA512  ed8de02a6ecf5ff32f0b277a2f774c2f87f35bf996d4c92ea6aa15d2bd8b8daef1f1d9185d39040986a521e37eea3e0331105abe6b323782998cb5abc7e6dd77

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-30 13:23

Reported

2024-11-30 13:26

Platform

android-x64-20240624-en

Max time kernel

117s

Max time network

139s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination          Domain                      Proto
N/A      224.0.0.251:5353                                 udp
US       1.1.1.1:53           accounts.google.com         udp
BE       142.250.110.84:443   accounts.google.com         tcp
US       1.1.1.1:53           accounts.google.com         udp
US       1.1.1.1:53           rastreo-interrapidisimo.co  udp
US       172.67.214.251:80    rastreo-interrapidisimo.co  tcp
US       172.67.214.251:80    rastreo-interrapidisimo.co  tcp
US       172.67.214.251:80    rastreo-interrapidisimo.co  tcp
US       1.1.1.1:53           accounts.google.com         udp
BE       142.251.173.84:443   accounts.google.com         tcp
US       1.1.1.1:53           www.cloudflare.com          udp
US       1.1.1.1:53           ssl.google-analytics.com    udp
GB       142.250.200.40:443   ssl.google-analytics.com    tcp
US       1.1.1.1:53           www.cloudflare.com          udp
US       1.1.1.1:53           update.googleapis.com       udp
GB       216.58.201.99:443    update.googleapis.com       tcp
GB       142.250.179.238:443                              tcp
US       1.1.1.1:53           android.apis.google.com     udp
GB       142.250.187.206:443  android.apis.google.com     tcp
GB       142.250.180.4:443                                tcp
GB       142.250.180.4:443                                tcp
GB       142.250.179.234:443                              tcp
GB       216.58.201.98:443                                tcp
GB       172.217.169.46:443                               tcp

Files

files/dom-0.html

MD5     9c5b9665c962814d1a7ab7a5a893cff1
SHA1    4611029886811e9e82fddb34c6c511da13e6677a
SHA256  a1d6f4cd90e571e22c01126adc2bd134e99d8c58786ead45b1d619fd17415ce2
SHA512  3884f27cb4b925241571e59189a9cb6dda849170991f1fc228ac9f4d1d0165e0999e34b5754e16344223d687fe14af8e44be1b09bc575ba212d154b4c9f20d39

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-30 13:23

Reported

2024-11-30 13:26

Platform

android-x64-arm64-20240624-en

Max time kernel

124s

Max time network

150s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination          Domain                      Proto
N/A      224.0.0.251:5353                                 udp
GB       142.250.187.206:443                              tcp
GB       142.250.187.206:443                              tcp
US       1.1.1.1:53           android.apis.google.com     udp
GB       142.250.200.14:443   android.apis.google.com     tcp
US       1.1.1.1:53           rastreo-interrapidisimo.co  udp
US       1.1.1.1:53           accounts.google.com         udp
US       1.1.1.1:53           accounts.google.com         udp
US       1.1.1.1:53           rastreo-interrapidisimo.co  udp
BE       64.233.184.84:443    accounts.google.com         tcp
US       104.21.67.60:80      rastreo-interrapidisimo.co  tcp
US       104.21.67.60:80      rastreo-interrapidisimo.co  tcp
US       1.1.1.1:53           ssl.google-analytics.com    udp
GB       172.217.169.8:443    ssl.google-analytics.com    tcp
US       1.1.1.1:53           www.cloudflare.com          udp
US       104.21.67.60:80      rastreo-interrapidisimo.co  tcp
US       1.1.1.1:53           www.cloudflare.com          udp
US       1.1.1.1:53           update.googleapis.com       udp
GB       172.217.16.227:443   update.googleapis.com       tcp
GB       142.250.179.228:443                              tcp
GB       142.250.179.228:443                              tcp
US       1.1.1.1:53           update.googleapis.com       udp
GB       216.58.201.99:443    update.googleapis.com       tcp
US       104.21.67.60:80      rastreo-interrapidisimo.co  tcp
US       104.21.67.60:80      rastreo-interrapidisimo.co  tcp

Files

files/dom-0.html

MD5     4d454764bab6ac7bb03f48e3316b789f
SHA1    8cb6a24f04da70c89786c4dc296b8e501034ff8b
SHA256  76a49208ca269a9944ea29e774525938fb02a039e1c0412d07527ae17f536d62
SHA512  a7f2be3558786401bf56979dc56fe95da1d2b1fd70a67d7d1ab3d68f9e8c833427a8dcb0edd86c350185acede578f24f73ba1bd96e8c8c5746dd9d976bdbbc42