| Field | Value |
|---|---|
| File name | 12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef.elf |
| Full analysis | https://app.any.run/tasks/dcef591c-1662-4d5b-a83b-ce1a9843d05e |
| Verdict | Malicious activity |
| Analysis date | April 28, 2024, 07:12:10 |
| OS | Ubuntu 22.04.2 |
| MIME | application/x-executable |
| File info | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped |
| MD5 | EEC5C6C219535FBA3A0492EA8118B397 |
| SHA1 | 292559E94F1C04B7D0C65D4A01BBBC5DC1FF6F21 |
| SHA256 | 12013662C71DA69DE977C04CD7021F13A70CF7BED4CA6C82ACBC100464D4B0EF |
| SSDEEP | 6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ6:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBm |

The file name is simply the SHA-256 in lower case with an `.elf` suffix, so the name, the SHA256 row and the file contents can be cross-checked against each other.

| Type identification | Extension | Description | Score |
|---|---|---|---|
| | .o | ELF Executable and Linkable format (generic) | 100 |

| Static info | Value |
|---|---|
| CPUArchitecture | 32 bit |
| CPUByteOrder | Little endian |
| ObjectFileType | Executable file |
| CPUType | Unknown (40) |

The tool that produced the static info does not name machine type 40, but `e_machine` = 40 is `EM_ARM` in the ELF specification, which agrees with the `ARM` in the file info row and with the EABI4 flag (the ARM EABI version is carried in the top byte of `e_flags`).
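To show where the CPUArchitecture, CPUByteOrder, ObjectFileType and CPUType rows come from, here is an added example (it is not part of the ANY.RUN report and not code from the sample) that decodes those fields from an ELF header and reproduces the report's naming convention of SHA-256 plus `.elf`. The 52-byte header it parses is constructed inline with the same identification the report shows for the sample (32-bit, LSB, SYSV, executable, `EM_ARM`, EABI4); it is not bytes taken from the real file, so the hashes it prints will not match the ones in the table above.

```python
import hashlib
import struct

# e_machine values from the ELF specification. 40 is EM_ARM, which is why
# the report's "CPUType: Unknown (40)" and its "ARM" file info agree.
EM_NAMES = {3: "Intel 80386", 40: "ARM", 62: "x86-64", 183: "AArch64"}
ET_NAMES = {1: "Relocatable file", 2: "Executable file", 3: "Shared object", 4: "Core file"}
OSABI_NAMES = {0: "SYSV", 3: "GNU/Linux"}


def parse_elf_header(data: bytes) -> dict:
    """Decode e_ident and the fixed e_* fields of an ELF32 or ELF64 header."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file (bad magic or truncated)")
    ei_class, ei_data, ei_osabi = data[4], data[5], data[7]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError(f"unsupported EI_CLASS={ei_class} EI_DATA={ei_data}")
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine, _e_version = struct.unpack(endian + "HHI", data[16:24])
    if ei_class == 1:
        # ELF32: e_entry, e_phoff, e_shoff are 32-bit, so e_flags sits at offset 36.
        _entry, _phoff, _shoff, e_flags = struct.unpack(endian + "IIII", data[24:40])
    else:
        # ELF64: the three offsets are 64-bit, so e_flags sits at offset 48.
        if len(data) < 64:
            raise ValueError("truncated ELF64 header")
        _entry, _phoff, _shoff, e_flags = struct.unpack(endian + "QQQI", data[24:52])
    info = {
        "class": "32 bit" if ei_class == 1 else "64 bit",
        "byte_order": "Little endian" if ei_data == 1 else "Big endian",
        "osabi": OSABI_NAMES.get(ei_osabi, f"Unknown ({ei_osabi})"),
        "type": e_type,
        "type_name": ET_NAMES.get(e_type, f"Unknown ({e_type})"),
        "machine": e_machine,
        "machine_name": EM_NAMES.get(e_machine, f"Unknown ({e_machine})"),
        "flags": e_flags,
    }
    if e_machine == 40:
        # EF_ARM_EABIMASK: the ARM EABI version is the top byte of e_flags.
        info["abi"] = f"EABI{e_flags >> 24}"
    return info


def file_hashes(data: bytes) -> dict:
    """The three digests the report lists for the sample."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def sample_filename(data: bytes) -> str:
    """The report names the sample by its lower-case SHA-256 plus '.elf'."""
    return file_hashes(data)["sha256"] + ".elf"


def build_sample_header() -> bytes:
    """Constructed 52-byte ELF32 header with the sample's identification.

    These are NOT bytes from the real file; only the header fields are
    chosen to match what the report shows.
    """
    # EI_MAG, EI_CLASS=1 (32-bit), EI_DATA=1 (LSB), EI_VERSION=1,
    # EI_OSABI=0 (SYSV), EI_ABIVERSION=0, then 7 bytes of padding.
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + bytes(7)
    return struct.pack(
        "<16sHHIIIIIHHHHHH",
        e_ident,
        2,            # e_type = ET_EXEC ("Executable file")
        40,           # e_machine = EM_ARM
        1,            # e_version = EV_CURRENT
        0x8000,       # e_entry (arbitrary)
        52,           # e_phoff: program headers directly after this header
        0,            # e_shoff: no section header table, as in a stripped file
        0x04000000,   # e_flags = EF_ARM_EABI_VER4 -> "EABI4"
        52, 32, 0, 40, 0, 0,  # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )


if __name__ == "__main__":
    blob = build_sample_header()
    for key, value in parse_elf_header(blob).items():
        print(f"{key:12} {value}")
    print("name:", sample_filename(blob))
    for algo, digest in file_hashes(blob).items():
        print(f"{algo:8} {digest}")
```

The header alone does not tell you that a file is statically linked or stripped; that needs the program headers (no `PT_INTERP`/`PT_DYNAMIC` entry) and the section headers (no `.symtab`), which this example deliberately does not walk. On a real sample, pass the first 64 bytes of the file to `parse_elf_header` and the whole file to `file_hashes`.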
None of the processes below was started by the sample. The only root-level command, PID 9273 (`curl myip.wtf/text`), is spawned by the sandbox's own any-guest-agent to learn the guest's external address, and the remaining rows are systemd and GNOME activity triggered by the sandbox desktop (nautilus thumbnailing the pre-placed files under `/home/user/test_files/` inside bwrap sandboxes). The sample is a 32-bit ARM ELF (see the file info above) and no row has it as its command or as its parent. The report's "Integrity Level" field is a Windows concept and is UNKNOWN for every Linux process, so it is folded out of the table.

| PID | CMD | Path | Indicators | Parent process | User | Exit code |
|---|---|---|---|---|---|---|
| 9273 | `/bin/sh -c "curl myip.wtf/text "` | /bin/sh | — | any-guest-agent | root | 0 |
| 9278 | `/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only` | /usr/bin/dbus-daemon | — | dbus-daemon | user | 0 |
| 9279 | `/usr/bin/nautilus --gapplication-service` | /usr/bin/nautilus | — | dbus-daemon | user | — (still running) |
| 9294 | `/lib/systemd/systemd-hostnamed` | /lib/systemd/systemd-hostnamed | — | systemd | root | 765 |
| 9300 | `bwrap --ro-bind /usr /usr --ro-bind-try /etc/ld.so.cache /etc/ld.so.cache --symlink /usr//bin /bin --symlink /usr//lib64 /lib64 --symlink /usr//lib /lib --symlink /usr//sbin /sbin --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig --setenv GST_REGISTRY_1_0 /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0/gstreamer-1.0.registry --bind /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0 /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0 --ro-bind-try /etc/alternatives /etc/alternatives --proc /proc --dev /dev --chdir / --setenv GIO_USE_VFS local --unshare-all --die-with-parent --bind /tmp/gnome-desktop-thumbnailer-T7FLM2 /tmp --ro-bind /home/user/test_files/24px.svg /tmp/24px.svg --seccomp 24 /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/24px.svg /tmp/gnome-desktop-thumbnailer.png` | /usr/bin/bwrap | — | nautilus | user | 0 |
| 9301 | `bwrap --ro-bind /usr /usr --ro-bind-try /etc/ld.so.cache /etc/ld.so.cache --symlink /usr//bin /bin --symlink /usr//lib64 /lib64 --symlink /usr//lib /lib --symlink /usr//sbin /sbin --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig --setenv GST_REGISTRY_1_0 /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0/gstreamer-1.0.registry --bind /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0 /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0 --ro-bind-try /etc/alternatives /etc/alternatives --proc /proc --dev /dev --chdir / --setenv GIO_USE_VFS local --unshare-all --die-with-parent --bind /tmp/gnome-desktop-thumbnailer-T7FLM2 /tmp --ro-bind /home/user/test_files/24px.svg /tmp/24px.svg --seccomp 24 /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/24px.svg /tmp/gnome-desktop-thumbnailer.png` | /usr/bin/bwrap | — | bwrap | user | 0 |
| 9302 | `/usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/24px.svg /tmp/gnome-desktop-thumbnailer.png` | /usr/bin/gdk-pixbuf-thumbnailer | — | bwrap | user | 0 |
| 9303 | `bwrap --ro-bind /usr /usr --ro-bind-try /etc/ld.so.cache /etc/ld.so.cache --symlink /usr//bin /bin --symlink /usr//lib64 /lib64 --symlink /usr//lib /lib --symlink /usr//sbin /sbin --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig --setenv GST_REGISTRY_1_0 /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0/gstreamer-1.0.registry --bind /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0 /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0 --ro-bind-try /etc/alternatives /etc/alternatives --proc /proc --dev /dev --chdir / --setenv GIO_USE_VFS local --unshare-all --die-with-parent --bind /tmp/gnome-desktop-thumbnailer-J01JM2 /tmp --ro-bind /home/user/test_files/googlelogo_color_92x30dp.png /tmp/googlelogo_color_92x30dp.png --seccomp 24 /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/googlelogo_color_92x30dp.png /tmp/gnome-desktop-thumbnailer.png` | /usr/bin/bwrap | — | nautilus | user | 0 |
| 9304 | `bwrap --ro-bind /usr /usr --ro-bind-try /etc/ld.so.cache /etc/ld.so.cache --symlink /usr//bin /bin --symlink /usr//lib64 /lib64 --symlink /usr//lib /lib --symlink /usr//sbin /sbin --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig --setenv GST_REGISTRY_1_0 /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0/gstreamer-1.0.registry --bind /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0 /home/user/.cache/gnome-desktop-thumbnailer/gstreamer-1.0 --ro-bind-try /etc/alternatives /etc/alternatives --proc /proc --dev /dev --chdir / --setenv GIO_USE_VFS local --unshare-all --die-with-parent --bind /tmp/gnome-desktop-thumbnailer-J01JM2 /tmp --ro-bind /home/user/test_files/googlelogo_color_92x30dp.png /tmp/googlelogo_color_92x30dp.png --seccomp 24 /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/googlelogo_color_92x30dp.png /tmp/gnome-desktop-thumbnailer.png` | /usr/bin/bwrap | — | bwrap | user | 0 |
| 9305 | `/usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/googlelogo_color_92x30dp.png /tmp/gnome-desktop-thumbnailer.png` | /usr/bin/gdk-pixbuf-thumbnailer | — | bwrap | user | 0 |
Files touched during the run. No MD5 or SHA256 was recorded for any of them. The nautilus entries are its tag database and a flatpak seccomp filter file; the bwrap entries are bubblewrap populating the new root it builds for the thumbnailer (the ld.so.cache bind mount and the `--dev /dev` device nodes, recorded relative to `/newroot`).

| PID | Process | Filename | Type |
|---|---|---|---|
| 9279 | nautilus | /home/user/.local/share/nautilus/tags/meta.db-wal | — |
| 9279 | nautilus | /home/user/.local/share/nautilus/tags/meta.db-shm | — |
| 9279 | nautilus | /home/user/.local/share/nautilus/tags/.meta.isrunning | — |
| 9279 | nautilus | /tmp/flatpak-seccomp-EDGLM2 | — |
| 9301 | bwrap | /newroot/etc/ld.so.cache | — |
| 9301 | bwrap | /null | — |
| 9301 | bwrap | /zero | — |
| 9301 | bwrap | /full | — |
| 9301 | bwrap | /random | — |
| 9301 | bwrap | /urandom | — |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| — | — | GET | 204 | 91.189.91.97:80 | http://connectivity-check.ubuntu.com/ | unknown | — | — | unknown |
| — | — | GET | 204 | 91.189.91.98:80 | http://connectivity-check.ubuntu.com/ | unknown | — | — | unknown |
Every connection is Ubuntu background traffic (the NetworkManager connectivity check, the snap store, and mDNS on the 224.0.0.251 multicast group); none is attributed to a process, and all remote hosts belong to Canonical.

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| — | — | 224.0.0.251:5353 | — (mDNS multicast) | — | — | unknown |
| — | — | 91.189.91.98:80 | connectivity-check.ubuntu.com | Canonical Group Limited | US | unknown |
| — | — | 91.189.91.49:80 | connectivity-check.ubuntu.com | Canonical Group Limited | US | unknown |
| — | — | 185.125.188.59:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |
| — | — | 185.125.188.55:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |
| — | — | 185.125.188.54:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |
DNS requests. No resolved address was recorded in this section; the `in-addr.arpa` entry is a reverse (PTR) lookup for 192.168.100.128, a private address inside the sandbox network.

| Domain | IP | Reputation |
|---|---|---|
| api.snapcraft.io | — | unknown |
| 128.100.168.192.in-addr.arpa (PTR for 192.168.100.128) | — | unknown |
| connectivity-check.ubuntu.com | — | unknown |