Analysis Overview
Threat Level: Known bad
The file https://interrapidisimo-co.com/ was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Looks up external IP address via web service
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-03 20:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-03 20:19
Reported
2024-12-03 20:25
Platform
android-x64-arm64-20240624-en
Max time kernel
253s
Max time network
294s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | interrapidisimo-co.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | interrapidisimo-co.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 172.67.172.138:443 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | interrapidisimo.com | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.18.186.31:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.186.31:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.186.31:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| US | 1.1.1.1:53 | td.doubleclick.net | udp |
| GB | 172.217.16.226:443 | td.doubleclick.net | tcp |
| US | 1.1.1.1:53 | apps.sae1.pure.cloud | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| BR | 54.232.2.94:443 | apps.sae1.pure.cloud | tcp |
| BR | 54.232.2.94:443 | apps.sae1.pure.cloud | tcp |
| BR | 54.232.2.94:443 | apps.sae1.pure.cloud | tcp |
| GB | 216.58.204.78:443 | clients1.google.com | tcp |
| BR | 54.232.2.94:443 | apps.sae1.pure.cloud | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 1.1.1.1:53 | api.ipify.org | udp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 1.1.1.1:53 | get.geojs.io | udp |
| US | 104.26.0.100:443 | get.geojs.io | tcp |
| US | 1.1.1.1:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| GB | 142.250.187.227:443 | | tcp |
Files
files/dom-0.html
| MD5 | b941c6dcfcd21a1942af41c2e7819694 |
| SHA1 | e1216ebf8ed598425196f20cc202915a72a260af |
| SHA256 | ebe62d839ec25168d8894f678e3cc5f3ddbfe7c04f22a6ebf812ef0043b00b85 |
| SHA512 | 7ecb2c7d6698eaad9562ab8eca464239f2c8332aa1447ac499865aa08ddd5cb38930a91363b0ddef4d4e13447dc73793b8894bfe60d1d962d34d293bc96b89ea |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-03 20:19
Reported
2024-12-03 20:25
Platform
android-33-x64-arm64-20240624-en
Max time kernel
293s
Max time network
303s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.200.36:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.36:443 | | udp |
| GB | 142.250.200.36:443 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 216.58.213.10:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 1.1.1.1:53 | interrapidisimo-co.com | udp |
| US | 104.21.88.45:443 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 104.21.88.45:443 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 104.21.88.45:443 | interrapidisimo-co.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 216.58.201.99:443 | | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| GB | 142.250.178.3:443 | | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 172.217.16.228:443 | | udp |
| US | 104.21.88.45:443 | interrapidisimo-co.com | udp |
| GB | 172.217.16.228:443 | | udp |
| US | 104.21.88.45:443 | interrapidisimo-co.com | udp |
| GB | 172.217.16.228:443 | | udp |
| US | 104.21.88.45:443 | interrapidisimo-co.com | udp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 172.217.16.228:443 | | udp |
| US | 104.21.88.45:443 | interrapidisimo-co.com | udp |
| GB | 142.250.180.2:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.180.2:443 | | tcp |
| GB | 142.250.180.2:443 | | tcp |
| US | 216.239.32.36:443 | | tcp |
| GB | 216.58.213.6:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 142.250.178.10:443 | gmscompliance-pa.googleapis.com | tcp |
| GB | 142.250.179.225:443 | | tcp |
| GB | 142.250.179.225:443 | | tcp |
| GB | 142.250.179.225:443 | | tcp |
| GB | 142.250.179.225:443 | | tcp |
| GB | 142.250.179.225:443 | | tcp |
| GB | 142.250.179.225:443 | | tcp |
| GB | 216.58.201.99:443 | | tcp |
| GB | 216.58.201.106:443 | gmscompliance-pa.googleapis.com | tcp |
Files
files/dom-0.html
| MD5 | 46af3c8e619014c9529df8edec503670 |
| SHA1 | c349403a163509d3a35b27f17e901222bc5224fe |
| SHA256 | 1beb5bdbc5591f9ef8799c88326a7a8391252d4037f35752c056762bf27ed300 |
| SHA512 | cf09a54e1e72105a807d412e3f63fe00231deac1c7c8581d6a8f8fa4820f6f43fd23520b19f640669e1a567716f6858eabd4c7855b78c11acdbf2f3061ddb93f |