Malware analysis gog6.com Malicious activity | ANY.RUN

Add for printing

URL:	gog6.com
Full analysis:	https://app.any.run/tasks/3f1997e2-030d-4a67-9082-57d5911c7a44
Verdict:	Malicious activity
Analysis date:	September 28, 2025, 03:53:52
OS:	Android 14
Tags:	phishing
Indicators:
MD5:	CD95A9C72FCF7EEF7462102ADB6DE8B1
SHA1:	FAE0E2C12D97D22DE2902DC43689EB2DEC53EDFF
SHA256:	12C06C7099697FAA9726A15592CCCA3F542A5A41BCC39F5073F6371101E2BDC2
SSDEEP:	3:+I:+I

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

android (14)
android.cuttlefish.overlay (14)
android.cuttlefish.phone.overlay (14)
android.ext.services (2019-09)
android.ext.shared (1)
com.android.adservices.api (14)
com.android.apps.tag (1.1)
com.android.backupconfirm (14)
com.android.bips (14)
com.android.bluetoothmidiservice (14)
com.android.bookmarkprovider (14)
com.android.calendar (14)
com.android.calllogbackup (14)
com.android.camera2 (2.0.002)
com.android.cameraextensions (14)
com.android.captiveportallogin (14)
com.android.carrierconfig (1.0.0)
com.android.carrierdefaultapp (14)
com.android.cellbroadcastreceiver (R-initial)
com.android.cellbroadcastreceiver.module (R-initial)
com.android.cellbroadcastservice (R-initial)
com.android.certinstaller (14)
com.android.companiondevicemanager (14)
com.android.compos.payload (14)
com.android.connectivity.resources (S-initial)
com.android.connectivity.resources.cuttlefish.overlay (14)
com.android.contacts (1.7.34)
com.android.credentialmanager (14)
com.android.cts.ctsshim (14-10093150)
com.android.cts.priv.ctsshim (14-10093150)
com.android.deskclock (14)
com.android.devicelockcontroller (14)
com.android.dialer (23.0)
com.android.documentsui (14)
com.android.dreams.basic (14)
com.android.dreams.phototable (14)
com.android.dynsystem (14)
com.android.egg (1.0)
com.android.emergency (14)
com.android.ext.adservices.api (14)
com.android.externalstorage (14)
com.android.federatedcompute.services (T-initial)
com.android.gallery3d (1.1.40030)
com.android.google.gce.gceservice (14)
com.android.health.connect.backuprestore (14)
com.android.healthconnect.controller (14)
com.android.hotspot2.osulogin (14)
com.android.htmlviewer (14)
com.android.imsserviceentitlement (14)
com.android.inputdevices (14)
com.android.inputmethod.latin (14)
com.android.intentresolver (2021-11)
com.android.internal.display.cutout.emulation.corner (1.0)
com.android.internal.display.cutout.emulation.double (1.0)
com.android.internal.display.cutout.emulation.hole (1.0)
com.android.internal.display.cutout.emulation.tall (1.0)
com.android.internal.display.cutout.emulation.waterfall (1.0)
com.android.internal.systemui.navbar.gestural (1.0)
com.android.internal.systemui.navbar.gestural_extra_wide_back (1.0)
com.android.internal.systemui.navbar.gestural_narrow_back (1.0)
com.android.internal.systemui.navbar.gestural_wide_back (1.0)
com.android.internal.systemui.navbar.threebutton (1.0)
com.android.internal.systemui.navbar.transparent (1.0)
com.android.keychain (14)
com.android.launcher3 (14)
com.android.localtransport (14)
com.android.location.fused (14)
com.android.managedprovisioning (14)
com.android.messaging (1.0.001)
com.android.microdroid.empty_payload (14)
com.android.mms.service (14)
com.android.modulemetadata (14)
com.android.mtp (14)
com.android.music (14)
com.android.musicfx (1.4)
com.android.nearby.halfsheet (14)
com.android.networkstack (14)
com.android.networkstack.tethering (14)
com.android.networkstack.tethering.cuttlefishoverlay (1.0)
com.android.nfc (14)
com.android.ondevicepersonalization.services (T-initial)
com.android.ons (14)
com.android.packageinstaller (14)
com.android.pacprocessor (14)
com.android.permissioncontroller (33 system image)
com.android.phone (14)
com.android.printservice.recommendation (1.3.0)
com.android.printspooler (14)
com.android.providers.blockednumber (14)
com.android.providers.calendar (14)
com.android.providers.contacts (14)
com.android.providers.downloads (14)
com.android.providers.downloads.ui (14)
com.android.providers.media (14)
com.android.providers.media.module (14)
com.android.providers.partnerbookmarks (14)
com.android.providers.settings (14)
com.android.providers.settings.cuttlefish.overlay (14)
com.android.providers.telephony (14)
com.android.providers.userdictionary (14)
com.android.provision (14)
com.android.proxyhandler (14)
com.android.quicksearchbox (14)
com.android.rkpdapp (14)
com.android.role.notes.enabled (1.0)
com.android.safetycenter.resources (33 system image)
com.android.sdksandbox (T-initial)
com.android.se (14)
com.android.server.telecom (14)
com.android.settings (14)
com.android.settings.intelligence (14)
com.android.sharedstoragebackup (14)
com.android.shell (14)
com.android.simappdialog (14)
com.android.soundpicker (14)
com.android.statementservice (1.0)
com.android.stk (14)
com.android.storagemanager (14)
com.android.systemui (14)
com.android.systemui.accessibility.accessibilitymenu (14)
com.android.telephony.qns (14)
com.android.theme.font.notoserifsource (1.0)
com.android.traceur (1.0)
com.android.uwb.resources (T-initial)
com.android.virtualmachine.res (14)
com.android.vpndialogs (14)
com.android.wallpaper.livepicker (14)
com.android.wallpaperbackup (14)
com.android.wallpapercropper (14)
com.android.wallpaperpicker (1.0)
com.android.webview (137.0.7122.0)
com.android.wifi.dialog (14)
com.android.wifi.resources (R-initial)
com.android.wifi.resources.cf (1.0)
com.google.android.telephony.satellite (14)
org.chromium.chrome (137.0.7122.0)

Add for printing

MALICIOUS
- PHISHING has been detected (SURICATA)
  - app_process64 (PID: 2758)
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

168

Monitored processes

44

Malicious processes

1

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
2758	org.chromium.chrome	/system/bin/app_process64		app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2811	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2832	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
2850	<pre-initialized>	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2869	<pre-initialized>	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2935	com.android.providers.partnerbookmarks	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2961	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
3035	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
3054	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
3073	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

22

Suspicious files

315

Text files

8

Unknown types

0

Dropped files

PID	Process	Filename		Type
3035	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.0Rxthi/list.pb		binary
		MD5:—	SHA256:—
3035	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.0Rxthi/manifest.json		binary
		MD5:—	SHA256:—
3035	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.0Rxthi/LICENSE		text
		MD5:—	SHA256:—
3035	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.0Rxthi/_metadata/verified_contents.json		text
		MD5:—	SHA256:—
3035	app_process64	/data/data/org.chromium.chrome/app_chrome/component_crx_cache/cab4d1f0a6a2a1afecae808a520f6690dd2b9d58bf54762877f2dc9715d55461		binary
		MD5:—	SHA256:—
3054	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.KEdphs/privacy-sandbox-attestations.dat		binary
		MD5:—	SHA256:—
3054	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.KEdphs/manifest.json		binary
		MD5:—	SHA256:—
3054	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.KEdphs/_metadata/verified_contents.json		text
		MD5:—	SHA256:—
3054	app_process64	/data/data/org.chromium.chrome/app_chrome/component_crx_cache/38c89b12bb20a8f2751c9c7cd2e31c173a47af08c115e1ecccc2f5151a2cf2c6		binary
		MD5:—	SHA256:—
3092	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.Vfe3ds/manifest.json		binary
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

30

TCP/UDP connections

136

DNS requests

191

Threats

253

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2758	app_process64	GET	200	142.250.184.206:80	http://clients2.google.com/time/1/current?cup2key=9:K5B0a-GWMjW2rcpPMmHazEr9R4nxj_HsYQcdSEw_0DM&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855	unknown	—	—	whitelisted
—	—	GET	204	142.250.186.164:80	http://www.google.com/gen_204	unknown	—	—	whitelisted
2758	app_process64	GET	302	142.250.186.115:80	http://www.gog6.com/	unknown	—	—	unknown
2758	app_process64	GET	301	216.239.32.21:80	http://gog6.com/	unknown	—	—	whitelisted
831	app_process64	GET	204	216.58.206.35:80	http://connectivitycheck.gstatic.com/generate_204	unknown	—	—	whitelisted
2758	app_process64	GET	301	142.250.186.115:80	http://www.gog6.com/?m=1	unknown	—	—	unknown
2758	app_process64	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acmmwq7dser4xm5sepzjv74g65vq_2023.7.28.10/cffplpkejcbdpfnfabnjikeicbedmifn_2023.07.28.10_all_acgbwixmcanakp2bkoppyszsbkrq.crx3	unknown	—	—	whitelisted
2758	app_process64	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acpeapixpwuzscfa5h5j5m7c4xaa_2025.6.16.0/niikhdgajlphfehepabhhblakbdgeefj_2025.06.16.00_all_acgsomx5qtwgffxcrxwhoksfom7q.crx3	unknown	—	—	whitelisted
2758	app_process64	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/obedbbhbpmojnkanicioggnmelmoomoc/427c3b0e1922e377fd0a67afb3421a260db016bdf67354de23c8892914805b58	unknown	—	—	whitelisted
2758	app_process64	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ptjoorknhwqx6ligfl7sbbbwim_542/lmelglejhemejginpboagddgdfbepgmp_542_all_ZZ_acmmv2ma757ruoyl5xisemyi4nga.crx3	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
446	mdnsd	224.0.0.251:5353	—	—	—	whitelisted
—	—	142.250.186.164:80	www.google.com	GOOGLE	US	whitelisted
—	—	142.250.186.164:443	www.google.com	GOOGLE	US	whitelisted
—	—	216.58.206.35:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
2758	app_process64	142.250.184.206:80	clients2.google.com	GOOGLE	US	whitelisted
2758	app_process64	142.250.186.164:443	www.google.com	—	—	whitelisted
574	app_process64	216.239.35.4:123	time.android.com	—	—	whitelisted
2758	app_process64	216.239.32.21:80	gog6.com	GOOGLE	US	whitelisted
2758	app_process64	142.250.102.84:443	accounts.google.com	GOOGLE	US	whitelisted
2758	app_process64	142.250.186.115:80	www.gog6.com	GOOGLE	US	unknown

DNS requests

Domain	IP	Reputation
www.google.com	142.250.186.164 142.250.186.36 142.250.186.132 172.217.17.132	whitelisted
google.com	142.250.186.174	whitelisted
clients2.google.com	142.250.184.206	whitelisted
gog6.com	216.239.32.21 216.239.34.21 216.239.38.21 216.239.36.21	unknown
accounts.google.com	142.250.102.84 142.251.31.84	whitelisted
www.gog6.com	142.250.186.115 142.250.185.243	unknown
time.android.com	216.239.35.4 216.239.35.8 216.239.35.12 216.239.35.0	unknown
fonts.googleapis.com	142.250.184.234	whitelisted
de.tynt.com	67.202.105.34	whitelisted
fontlibrary.org	45.56.91.11	unknown

Threats

PID	Process	Class	Message
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
2758	app_process64	Generic Protocol Command Decode	SURICATA QUIC failed decrypt

Add for printing

No debug info

General Info

gog6.com

CD95A9C72FCF7EEF7462102ADB6DE8B1

FAE0E2C12D97D22DE2902DC43689EB2DEC53EDFF

12C06C7099697FAA9726A15592CCCA3F542A5A41BCC39F5073F6371101E2BDC2

3:+I:+I

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

PHISHING has been detected (SURICATA)

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings