Malware Analysis Report

2025-01-19 02:13

Sample ID 241203-tfxsbaskfw
Target https://rastreos-interrapidisimo.com/
Tags
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://rastreos-interrapidisimo.com/ was found to be: Known bad.

Malicious Activity Summary


Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-03 16:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-03 16:00

Reported

2024-12-03 16:03

Platform

android-x86-arm-20240624-en

Max time kernel

115s

Max time network

128s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
US 1.1.1.1:53 rastreos-interrapidisimo.com udp
US 172.67.71.104:443 rastreos-interrapidisimo.com tcp
US 172.67.71.104:443 rastreos-interrapidisimo.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.35:443 update.googleapis.com tcp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
GB 142.250.178.10:443 tcp

Files

files/dom-0.html

MD5 372467ff2bdbe4efba90e5483f2b054e
SHA1 8ef069233d839342da7e81f7a11be2c6d0172336
SHA256 8d816f12f55d65b8a3f38c7123ce6644be4e9d0fbb36bfef1ab8c260dcd5268f
SHA512 e69275ca3f20ade8fc87fffb40d3f2658791b7bcd8d9518cdce71a1981a91d4a388b59c758b154c4415f86ac52e7fd9aa23916cdc30bd749a594399cc1afb61d

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-03 16:00

Reported

2024-12-03 16:03

Platform

android-x64-20240624-en

Max time kernel

116s

Max time network

131s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 rastreos-interrapidisimo.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 172.67.71.104:443 rastreos-interrapidisimo.com tcp
US 172.67.71.104:443 rastreos-interrapidisimo.com tcp
US 1.1.1.1:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.213.10:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

files/dom-0.html

MD5 f28c01319412a90a1ac30be1caa9bfec
SHA1 3fb15e88c0edcf233b38602008c52cffa18597c7
SHA256 8ec1e2f15234c0a351303735321be695713282eaad554162de35c658a1fb483f
SHA512 d8635335b4d0c58459a53ad82f86650ea74d9c3db2a917f1036f0a5e406fb1000cdbaaff8d92c84886337e6d0e0562a943113f02d16b7782d7b58724a895181f

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-03 16:00

Reported

2024-12-03 16:03

Platform

android-x64-arm64-20240624-en

Max time kernel

124s

Max time network

132s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 rastreos-interrapidisimo.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 rastreos-interrapidisimo.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 104.26.12.49:443 rastreos-interrapidisimo.com tcp
US 1.1.1.1:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.212.195:443 update.googleapis.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
US 1.1.1.1:53 update.googleapis.com udp

Files

files/dom-0.html

MD5 264c160e2486e7a08cf05f74c88972d4
SHA1 4b7c0bdaa4b35951dfcc0b62b251c0f0b13b1673
SHA256 193281a542919d562d3a74d9ce1b6ed69c58198d65efae373ddc67a845b313df
SHA512 9040bfa23a5231956257c3eaf1138a84aec38b82c253c20427d8f89c6ed31a13be1d0503a94d3db106b1ef246c355984d256479199a0b5caeb82cdb8ee06ff96