Malware Analysis Report

2025-01-19 02:14

Sample ID 241203-y3863ssldy
Target https://interrapidisimo-co.com/
Tags
phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://interrapidisimo-co.com/ was found to be: Known bad.

Malicious Activity Summary

phishing

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Looks up external IP address via web service

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-03 20:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-03 20:19

Reported

2024-12-03 20:25

Platform

android-x64-arm64-20240624-en

Max time kernel

253s

Max time network

294s

Command Line

com.android.chrome

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 b941c6dcfcd21a1942af41c2e7819694
SHA1 e1216ebf8ed598425196f20cc202915a72a260af
SHA256 ebe62d839ec25168d8894f678e3cc5f3ddbfe7c04f22a6ebf812ef0043b00b85
SHA512 7ecb2c7d6698eaad9562ab8eca464239f2c8332aa1447ac499865aa08ddd5cb38930a91363b0ddef4d4e13447dc73793b8894bfe60d1d962d34d293bc96b89ea

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-03 20:19

Reported

2024-12-03 20:25

Platform

android-33-x64-arm64-20240624-en

Max time kernel

293s

Max time network

303s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 46af3c8e619014c9529df8edec503670
SHA1 c349403a163509d3a35b27f17e901222bc5224fe
SHA256 1beb5bdbc5591f9ef8799c88326a7a8391252d4037f35752c056762bf27ed300
SHA512 cf09a54e1e72105a807d412e3f63fe00231deac1c7c8581d6a8f8fa4820f6f43fd23520b19f640669e1a567716f6858eabd4c7855b78c11acdbf2f3061ddb93f