Analysis Overview
Threat Level: Known bad
The file http://interrapidisimo-co.com was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Looks up external IP address via web service
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-10 15:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-10 15:02
Reported
2024-12-10 15:07
Platform
android-x64-arm64-20240624-en
Max time kernel
262s
Max time network
296s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | interrapidisimo-co.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | interrapidisimo-co.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 172.67.172.138:80 | interrapidisimo-co.com | tcp |
| GB | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 172.67.172.138:80 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | www.cloudflare.com | udp |
| US | 172.67.172.138:443 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | interrapidisimo.com | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| US | 1.1.1.1:53 | td.doubleclick.net | udp |
| US | 1.1.1.1:53 | apps.sae1.pure.cloud | udp |
| GB | 142.250.179.226:443 | td.doubleclick.net | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| BR | 54.233.119.137:443 | apps.sae1.pure.cloud | tcp |
| BR | 54.233.119.137:443 | apps.sae1.pure.cloud | tcp |
| BR | 54.233.119.137:443 | apps.sae1.pure.cloud | tcp |
| GB | 142.250.187.206:443 | clients1.google.com | tcp |
| BR | 54.233.119.137:443 | apps.sae1.pure.cloud | tcp |
| US | 1.1.1.1:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 1.1.1.1:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 1.1.1.1:53 | get.geojs.io | udp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| US | 1.1.1.1:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.67:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| CA | 192.99.203.165:443 | interrapidisimo.com | tcp |
| GB | 216.58.201.98:443 | | tcp |
Files
files/dom-0.html
| Hash | Value |
| --- | --- |
| MD5 | b941c6dcfcd21a1942af41c2e7819694 |
| SHA1 | e1216ebf8ed598425196f20cc202915a72a260af |
| SHA256 | ebe62d839ec25168d8894f678e3cc5f3ddbfe7c04f22a6ebf812ef0043b00b85 |
| SHA512 | 7ecb2c7d6698eaad9562ab8eca464239f2c8332aa1447ac499865aa08ddd5cb38930a91363b0ddef4d4e13447dc73793b8894bfe60d1d962d34d293bc96b89ea |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-10 15:02
Reported
2024-12-10 15:07
Platform
android-33-x64-arm64-20240624-en
Max time kernel
249s
Max time network
304s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.228:443 | | udp |
| GB | 142.250.187.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.10:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 1.1.1.1:53 | interrapidisimo-co.com | udp |
| US | 172.67.172.138:80 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 216.58.204.74:443 | remoteprovisioning.googleapis.com | tcp |
| US | 172.67.172.138:80 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | www.cloudflare.com | udp |
| US | 172.67.172.138:443 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.187.228:443 | | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 172.217.169.67:443 | update.googleapis.com | tcp |
| GB | 172.217.169.67:443 | | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.178.4:443 | | udp |
| US | 104.21.88.45:80 | interrapidisimo-co.com | tcp |
| GB | 142.250.178.4:443 | | udp |
| US | 104.21.88.45:80 | interrapidisimo-co.com | tcp |
| GB | 142.250.178.4:443 | | udp |
| US | 104.21.88.45:80 | interrapidisimo-co.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 142.250.178.4:443 | | udp |
| US | 104.21.88.45:80 | interrapidisimo-co.com | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 216.58.213.6:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
| GB | 216.58.212.206:443 | | tcp |
| US | 216.239.32.36:443 | | tcp |
| GB | 142.250.180.10:443 | gmscompliance-pa.googleapis.com | tcp |
| GB | 172.217.169.1:443 | | tcp |
| GB | 216.58.213.1:443 | | tcp |
| GB | 172.217.169.1:443 | | tcp |
| GB | 172.217.169.1:443 | | tcp |
| GB | 172.217.169.1:443 | | tcp |
| GB | 172.217.169.1:443 | | tcp |
| GB | 216.58.212.202:443 | gmscompliance-pa.googleapis.com | tcp |
Files
files/dom-0.html
| Hash | Value |
| --- | --- |
| MD5 | 03e0cd4e7bc683f5386d96e32b427250 |
| SHA1 | 0caad3438e9cb0903b65c0d7c5cc00a502e0e742 |
| SHA256 | 08e526d8af5866afe7d1919b3664a10bf9419c4d11dd8e6173c759de05ff7255 |
| SHA512 | a47b32901597581b2d71fc30e999b952909c44fff44b036657c4b961490d06f8aa17fb63c670832d58c92004a90cf042ff61de56cf7155e483113dddab36501a |