Analysis

Category: PCAP
Package: (none)
Started: 2019-01-02 14:31:35
Completed: 2019-01-02 14:31:35
Duration: 0 seconds

MalScore

0.0

Benign (score from network analysis only: this is a PCAP submission, so no host behaviour was captured and no signatures matched)


Signatures

No signatures

Hosts

Direct  IP              Country
Y       64.233.190.188  United States
Y       47.88.141.90    Singapore
Y       47.74.170.158   Singapore
Y       47.74.170.157   Singapore
Y       216.58.202.42   United States
Y       200.59.131.165  Argentina
Y       172.217.28.200  United States
Y       161.117.71.92   Singapore
Y       161.117.71.226  Singapore
Y       149.154.175.50  United Kingdom
Y       172.217.28.174  United States

DNS

No domains contacted.


TCP

Source  Source port  Destination  Destination port
10.8.0.1 37293 149.154.175.50 443
10.8.0.1 39033 161.117.71.226 443
10.8.0.1 43016 161.117.71.92 80
10.8.0.1 43018 161.117.71.92 80
10.8.0.1 43022 161.117.71.92 80
10.8.0.1 40292 172.16.2.186 443
10.8.0.1 48220 172.217.28.200 443
10.8.0.1 37088 200.59.131.165 443
10.8.0.1 37092 200.59.131.165 443
10.8.0.1 38018 216.58.202.42 443
10.8.0.1 40617 47.74.170.157 5222
10.8.0.1 41727 47.74.170.158 5222
10.8.0.1 41728 47.74.170.158 5222
10.8.0.1 40039 47.88.141.90 443
10.8.0.1 47652 64.233.190.188 5228

UDP

Source  Source port  Destination  Destination port
10.192.150.131 45774 172.217.28.174 443
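
The TCP and UDP tables above are a flat list; the checks a reviewer actually runs over them (flows per destination port, destinations that never appear in the Hosts table, RFC 1918 destinations, the number of distinct source addresses, and flows to ports other than 80/443) are shown below as an added example. This is not CAPE code. The flow and host data are copied from this report's tables; the labels for ports 5222 and 5228 are their conventional uses (XMPP client traffic and Google Play services push), which the capture alone does not confirm.

```python
"""Cross-check the report's Hosts, TCP and UDP tables against each other.

Added example, not CAPE code. FLOWS and HOSTS are copied from the tables in
this report; PORT_LABELS are conventional uses of those ports (assumption),
not something confirmed by payload inspection.
"""
import ipaddress
from collections import Counter

FLOWS = [  # (proto, src, sport, dst, dport), copied from the TCP and UDP tables
    ("tcp", "10.8.0.1", 37293, "149.154.175.50", 443),
    ("tcp", "10.8.0.1", 39033, "161.117.71.226", 443),
    ("tcp", "10.8.0.1", 43016, "161.117.71.92", 80),
    ("tcp", "10.8.0.1", 43018, "161.117.71.92", 80),
    ("tcp", "10.8.0.1", 43022, "161.117.71.92", 80),
    ("tcp", "10.8.0.1", 40292, "172.16.2.186", 443),
    ("tcp", "10.8.0.1", 48220, "172.217.28.200", 443),
    ("tcp", "10.8.0.1", 37088, "200.59.131.165", 443),
    ("tcp", "10.8.0.1", 37092, "200.59.131.165", 443),
    ("tcp", "10.8.0.1", 38018, "216.58.202.42", 443),
    ("tcp", "10.8.0.1", 40617, "47.74.170.157", 5222),
    ("tcp", "10.8.0.1", 41727, "47.74.170.158", 5222),
    ("tcp", "10.8.0.1", 41728, "47.74.170.158", 5222),
    ("tcp", "10.8.0.1", 40039, "47.88.141.90", 443),
    ("tcp", "10.8.0.1", 47652, "64.233.190.188", 5228),
    ("udp", "10.192.150.131", 45774, "172.217.28.174", 443),
]

HOSTS = {  # copied from the report's Hosts table
    "64.233.190.188", "47.88.141.90", "47.74.170.158", "47.74.170.157",
    "216.58.202.42", "200.59.131.165", "172.217.28.200", "161.117.71.92",
    "161.117.71.226", "149.154.175.50", "172.217.28.174",
}

# Conventional service per port (assumption; the capture does not confirm it).
PORT_LABELS = {
    80: "http (cleartext)",
    443: "tls or quic",
    5222: "xmpp client",
    5228: "google play services push",
}


def flows_by_port(flows=FLOWS) -> Counter:
    """Count flows per (proto, dport); the report only lists them one by one."""
    return Counter((proto, dport) for proto, _, _, _, dport in flows)


def destinations_missing_from_hosts(flows=FLOWS, hosts=HOSTS) -> set:
    """Destinations present in a flow table but absent from the Hosts table."""
    return {dst for _, _, _, dst, _ in flows} - hosts


def private_destinations(flows=FLOWS) -> set:
    """RFC 1918 destinations: sandbox infrastructure or lateral traffic, not internet hosts."""
    return {dst for _, _, _, dst, _ in flows if ipaddress.ip_address(dst).is_private}


def source_addresses(flows=FLOWS) -> set:
    """More than one source address means more than one capture vantage or device."""
    return {src for _, src, _, _, _ in flows}


def unexpected_ports(flows=FLOWS, expected=frozenset({80, 443})) -> list:
    """Flows to non-web ports, with the conventional service label attached."""
    return [(dst, dport, PORT_LABELS.get(dport, "unknown"))
            for _, _, _, dst, dport in flows if dport not in expected]


if __name__ == "__main__":
    print(dict(flows_by_port()))
    print("not in Hosts table:", destinations_missing_from_hosts())
    print("private destinations:", private_destinations())
    print("source addresses:", source_addresses())
    print("non-web ports:", unexpected_ports())
```

Run against this report, it singles out 172.16.2.186 as the one TLS destination that is both private and missing from the Hosts table, and 10.192.150.131 as a second source address that appears only in the UDP flow.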


HTTP Requests

URI Data
http://data.mistat.intl.xiaomi.com/getconfig
POST /getconfig HTTP/1.1
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; Redmi S2 MIUI/V10.0.8.0.OEFMIFH)
Host: data.mistat.intl.xiaomi.com
Accept-Encoding: gzip
Content-Length: 210

app_id=2882303761517542074&app_version=1.3.0.0&channel=miui&config_version=0.0&device_id=62bf550e-43aa-4439-8d2d-e914f92f669e&package_name=com.miui.hybrid&sdk_version=2.1.1&sign=32364b07beffe0c0bf363df58fb9f8da
http://data.mistat.intl.xiaomi.com/mistats/v2
POST /mistats/v2 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; Redmi S2 MIUI/V10.0.8.0.OEFMIFH)
Host: data.mistat.intl.xiaomi.com
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 1192

app_id=2882303761517405262&app_key=5971740546262&bc=S&channel=international_stable&device_id=b2aa8a63-2695-4a3c-a827-4fb4e9a2b870&id_type=0&interval=360000&mistatv=4&policy=4&sdk_version=1.9.16&sign=3e6ae48357e2df84f251126c5f56a21d&size=4&stat_value=7cb2d8d123372f4fda8
http://data.mistat.intl.xiaomi.com/mistats/v2
POST /mistats/v2 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; Redmi S2 MIUI/V10.0.8.0.OEFMIFH)
Host: data.mistat.intl.xiaomi.com
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 1362

bc=S&device_id=8bb4e52b-c544-4578-b26f-220b9f2f5079&channel=Redmi+S2&stat_value=e67925185dd77391c5a8b62804acecc4efd360db53eceb90c87d8ce0fa83fbe04f7f7db7bd32b1b524b02bb77416c7129eaf715fc49b6e0fe7ef64cf82459b9acc868cdde6e6a6e3520958618a00447d39db3d0fbdff684cc2d28d7675053
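
The three POST bodies above are application/x-www-form-urlencoded telemetry sent in cleartext (they correspond to the three flows to 161.117.71.92:80 in the TCP table). Below is an added example, not CAPE code, that decodes them the way a reviewer would: it checks whether the recorded body is shorter than the declared Content-Length (the report cuts the second and third bodies short), pulls out the identifiers, tests whether `sign` is 32 lowercase hex characters (MD5-sized; the algorithm is not confirmed by the capture) and whether each `device_id` has the RFC 4122 version-4 layout. Bodies and lengths are copied from the table above; nothing else is assumed.

```python
"""Triage the form-encoded telemetry bodies from the report's HTTP Requests table.

Added example, not CAPE code. The bodies and Content-Length values are copied
from the report; the second and third bodies are cut short in the report itself.
"""
import re
from urllib.parse import parse_qs

CAPTURED_POSTS = [  # (path, declared Content-Length, body as shown in the report)
    ("/getconfig", 210,
     "app_id=2882303761517542074&app_version=1.3.0.0&channel=miui&config_version=0.0"
     "&device_id=62bf550e-43aa-4439-8d2d-e914f92f669e&package_name=com.miui.hybrid"
     "&sdk_version=2.1.1&sign=32364b07beffe0c0bf363df58fb9f8da"),
    ("/mistats/v2", 1192,
     "app_id=2882303761517405262&app_key=5971740546262&bc=S&channel=international_stable"
     "&device_id=b2aa8a63-2695-4a3c-a827-4fb4e9a2b870&id_type=0&interval=360000&mistatv=4"
     "&policy=4&sdk_version=1.9.16&sign=3e6ae48357e2df84f251126c5f56a21d&size=4"
     "&stat_value=7cb2d8d123372f4fda8"),
    ("/mistats/v2", 1362,
     "bc=S&device_id=8bb4e52b-c544-4578-b26f-220b9f2f5079&channel=Redmi+S2"
     "&stat_value=e67925185dd77391c5a8b62804acecc4efd360db53eceb90c87d8ce0fa83fbe04f7f7db7bd"
     "32b1b524b02bb77416c7129eaf715fc49b6e0fe7ef64cf82459b9acc868cdde6e6a6e3520958618a00447d39"
     "db3d0fbdff684cc2d28d7675053"),
]

HEX32 = re.compile(r"\A[0-9a-f]{32}\Z")
UUID_V4 = re.compile(
    r"\A[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\Z")
IDENTIFIER_KEYS = ("app_id", "app_key", "device_id", "package_name", "channel")


def triage_post(path: str, content_length: int, body: str) -> dict:
    """Decode one body and return the facts a reviewer wants at a glance."""
    # parse_qs decodes '+' to a space, so "Redmi+S2" becomes "Redmi S2".
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    sign = fields.get("sign")
    return {
        "path": path,
        # Fewer body bytes recorded than the request declared: the report cut it.
        "truncated": len(body.encode("utf-8")) < content_length,
        "identifiers": {k: fields[k] for k in IDENTIFIER_KEYS if k in fields},
        # 32 lowercase hex chars is the size of an MD5 digest; None when the
        # field is absent (here because the body was truncated).
        "sign_is_hex32": None if sign is None else bool(HEX32.match(sign)),
        # RFC 4122 version-4 layout: a random UUID, not an obviously
        # hardware-derived identifier such as an IMEI or serial.
        "device_id_is_uuid4": bool(UUID_V4.match(fields.get("device_id", ""))),
    }


def triage_all(posts=CAPTURED_POSTS) -> list:
    return [triage_post(*p) for p in posts]


def distinct_device_ids(posts=CAPTURED_POSTS) -> set:
    """Each SDK in the capture used its own device_id; collect them for correlation."""
    return {r["identifiers"]["device_id"] for r in triage_all(posts)
            if "device_id" in r["identifiers"]}


if __name__ == "__main__":
    for result in triage_all():
        print(result)
    print("distinct device_ids:", len(distinct_device_ids()))
```

On these three requests the first body is complete (210 bytes, matching its Content-Length), the other two are truncated, the two visible `sign` values are MD5-sized, and each request carries a different version-4 `device_id`, so the three SDKs cannot be tied to one device from the identifiers alone.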

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Suricata Extracted Files

No Suricata extracted files.

JA3

Source  Source port  Destination  Destination port  JA3 hash  JA3 description
10.8.0.1 39033 161.117.71.226 443 3967ff2d2c9c4d144e7e30f24f4e9761 unknown
10.8.0.1 40292 172.16.2.186 443 312c0b788e784899a8cc07c960430c3a unknown
10.8.0.1 48220 172.217.28.200 443 ee26b1f1aec16d6098768e2c67388ace unknown
10.8.0.1 37088 200.59.131.165 443 c60d01d600aacc2c04844595ce224279 unknown
10.8.0.1 37092 200.59.131.165 443 d8c87b9bfde38897979e41242626c2f3 unknown
10.8.0.1 38018 216.58.202.42 443 64f5072c75cb07e8a2edd23a2c3fefe1 unknown
10.8.0.1 40039 47.88.141.90 443 d8c87b9bfde38897979e41242626c2f3 unknown
10.8.0.1 47652 64.233.190.188 5228 6105cb5b1dd41bfb943955d0f1d2f08f unknown
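
How the JA3 hashes in the table above are produced, as an added example that is not part of the CAPE report and not the JA3 project's own code: the fingerprint is the MD5 of the string `SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats`, each list taken in ClientHello order and joined with `-`, with GREASE values (RFC 8701) left out. The ClientHello bytes below are constructed for the demo (a hypothetical client, not one of the flows listed). The `unknown` description in every row means the sandbox's JA3 list had no entry for that hash; the same hash d8c87b9bfde38897979e41242626c2f3 appearing against both 200.59.131.165 and 47.88.141.90 is the usual sign of one TLS stack behind both connections.

```python
"""Compute a JA3 fingerprint from a TLS ClientHello record.

Added example; not CAPE code and not a capture from this report. The sample
ClientHello is constructed below for the demo.
"""
import hashlib
import struct

# GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ... 0xfafa. JA3 skips them so the
# randomised filler a client inserts does not change its fingerprint.
GREASE = {v << 8 | v for v in range(0x0A, 0x100, 0x10)}


def _u16_list(blob: bytes) -> list:
    """Decode a run of big-endian uint16 values."""
    n = len(blob) // 2
    return list(struct.unpack("!%dH" % n, blob[:n * 2]))


def ja3_from_client_hello(record: bytes) -> tuple:
    """Return (ja3_string, ja3_md5) for a TLS record carrying a ClientHello."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]                       # drop record header: type, version, length
    if hs[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    pos = 4                               # handshake type (1) + length (3)
    (version,) = struct.unpack("!H", hs[pos:pos + 2])
    pos += 2 + 32                         # legacy_version, then 32-byte random
    pos += 1 + hs[pos]                    # session id (length-prefixed)
    (cs_len,) = struct.unpack("!H", hs[pos:pos + 2])
    pos += 2
    ciphers = [c for c in _u16_list(hs[pos:pos + cs_len]) if c not in GREASE]
    pos += cs_len
    pos += 1 + hs[pos]                    # compression methods (length-prefixed)
    extensions, curves, point_formats = [], [], []
    if pos + 2 <= len(hs):                # extensions block is optional
        (ext_len,) = struct.unpack("!H", hs[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, body_len = struct.unpack("!HH", hs[pos:pos + 4])
            body = hs[pos + 4:pos + 4 + body_len]
            pos += 4 + body_len
            if ext_type in GREASE:
                continue
            extensions.append(ext_type)
            if ext_type == 0x000A:        # supported_groups (elliptic curves)
                (n,) = struct.unpack("!H", body[:2])
                curves = [g for g in _u16_list(body[2:2 + n]) if g not in GREASE]
            elif ext_type == 0x000B:      # ec_point_formats
                point_formats = list(body[1:1 + body[0]])
    ja3 = ",".join([
        str(version),
        "-".join(str(c) for c in ciphers),
        "-".join(str(e) for e in extensions),
        "-".join(str(g) for g in curves),
        "-".join(str(p) for p in point_formats),
    ])
    return ja3, hashlib.md5(ja3.encode("ascii")).hexdigest()


def _ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(body)) + body


def build_sample_client_hello() -> bytes:
    """Constructed ClientHello (hypothetical client) with GREASE filler in each list."""
    host = b"example.test"
    sni = struct.pack("!H", len(host) + 3) + b"\x00" + struct.pack("!H", len(host)) + host
    groups = b"".join(struct.pack("!H", g) for g in (0x0A0A, 0x001D, 0x0017, 0x0018))
    exts = b"".join([
        _ext(0x0000, sni),                                      # server_name
        _ext(0x000A, struct.pack("!H", len(groups)) + groups),  # supported_groups
        _ext(0x000B, b"\x01\x00"),                              # ec_point_formats
        _ext(0x0A0A, b""),                                      # GREASE extension
        _ext(0x0023, b""),                                      # session_ticket
        _ext(0x002B, b"\x04\x03\x04\x03\x03"),                  # supported_versions
    ])
    ciphers = b"".join(struct.pack("!H", c)
                       for c in (0x0A0A, 0x1301, 0x1302, 0xC02B, 0xC02F))
    body = (struct.pack("!H", 0x0303) + b"\x00" * 32 + b"\x00"
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    ja3_string, ja3_hash = ja3_from_client_hello(build_sample_client_hello())
    print(ja3_string)
    print(ja3_hash)
```

For the constructed hello the JA3 string is `771,4865-4866-49195-49199,0-10-11-35-43,29-23-24,0`: the GREASE cipher, group and extension have been dropped, and the MD5 of that string is the value a tool would list in the JA3 hash column. On a real capture, feed the first handshake record of each TLS flow to the function and compare the hash against a current JA3 list, which is what turns `unknown` into a client name.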

Dropped Files

No dropped files.

CAPE Files

No CAPE files.

Process Dumps

No process dumps.


Processing ( 0.076 seconds )

  • 0.069 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 BehaviorAnalysis
  • 0.001 Debug

Signature modules evaluated ( 0.04 seconds; none matched, see Signatures above )

  • 0.007 antiav_detectreg
  • 0.004 ransomware_files
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 ie_martian_children

Reporting ( 0.0 seconds )

Task ID 29000
Mongo ID 5c2ccb4af28488582e6d3423
Cuckoo release 1.3-CAPE