Malware Analysis Report

2025-01-19 02:22

Sample ID 241210-seqryatlck
Target http://interrapidisimo-co.com
Tags phishing
Score 10/10

Analysis Overview

Score 10/10

Threat Level: Known bad

The URL http://interrapidisimo-co.com was found to be: Known bad.

Malicious Activity Summary

phishing

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Looks up external IP address via web service

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-10 15:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-10 15:02

Reported

2024-12-10 15:07

Platform

android-x64-arm64-20240624-en

Max time kernel

262s

Max time network

296s

Command Line

com.android.chrome

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 b941c6dcfcd21a1942af41c2e7819694
SHA1 e1216ebf8ed598425196f20cc202915a72a260af
SHA256 ebe62d839ec25168d8894f678e3cc5f3ddbfe7c04f22a6ebf812ef0043b00b85
SHA512 7ecb2c7d6698eaad9562ab8eca464239f2c8332aa1447ac499865aa08ddd5cb38930a91363b0ddef4d4e13447dc73793b8894bfe60d1d962d34d293bc96b89ea

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-10 15:02

Reported

2024-12-10 15:07

Platform

android-33-x64-arm64-20240624-en

Max time kernel

249s

Max time network

304s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 03e0cd4e7bc683f5386d96e32b427250
SHA1 0caad3438e9cb0903b65c0d7c5cc00a502e0e742
SHA256 08e526d8af5866afe7d1919b3664a10bf9419c4d11dd8e6173c759de05ff7255
SHA512 a47b32901597581b2d71fc30e999b952909c44fff44b036657c4b961490d06f8aa17fb63c670832d58c92004a90cf042ff61de56cf7155e483113dddab36501a