| Field | Value |
|---|---|
| File name: | main.py |
| Full analysis: | https://app.any.run/tasks/a4f45579-92c0-4fba-9ab3-0378d2270560 |
| Verdict: | Malicious activity |
| Analysis date: | April 08, 2024, 12:31:54 |
| OS: | Ubuntu 22.04.2 |
| MIME: | text/x-script.python |
| File info: | Python script, ASCII text executable, with CRLF line terminators |
| MD5: | 4713596506376FF94A0E8DC635BDFB6E |
| SHA1: | 63642A180D05764C21F9B7CD7A8F1A2D1EFC995C |
| SHA256: | 1A267FD6C7255CC1C24A773C37DA5E3FC58378E05141C0F21F6CE11A20324E21 |
| SSDEEP: | 6:+aIFwuB9N+q8/PwvUuzBly+ZH0JX+LjlhtMwAj9QrQXf82Tp3P/HPs:+aIF5BL+BgvUui+ZUJXShqxygTl3Xvs |

| PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Exit code |
|---|---|---|---|---|---|---|---|
| 9306 | /bin/sh -c "DISPLAY=:0 sudo -iu user nautilus \"/home/user/main\.py\" " | /bin/sh | — | any-guest-agent | user | UNKNOWN | — |
| 9307 | sudo -iu user nautilus /home/user/main.py | /usr/bin/sudo | — | sh | user | UNKNOWN | — |
| 9308 | nautilus /home/user/main.py | /usr/bin/nautilus | — | sudo | user | UNKNOWN | — |
| 9309 | /usr/bin/locale-check C.UTF-8 | /usr/bin/locale-check | — | nautilus | user | UNKNOWN | 0 |
| 9323 | /lib/systemd/systemd-hostnamed | /lib/systemd/systemd-hostnamed | — | systemd | root | UNKNOWN | 416 |
| 9333 | /usr/bin/python3 /usr/bin/gnome-terminal | /usr/bin/gnome-terminal | — | gnome-shell | user | UNKNOWN | 9323 |
| 9335 | /usr/bin/gnome-terminal.real | /usr/bin/gnome-terminal.real | — | gnome-terminal | user | UNKNOWN | 9323 |
| 9340 | /usr/libexec/gnome-terminal-server | /usr/libexec/gnome-terminal-server | — | systemd | user | UNKNOWN | — |
| 9358 | bash | /bin/bash | — | gnome-terminal-server | user | UNKNOWN | — |
| 9359 | /bin/sh /usr/bin/lesspipe | /usr/bin/lesspipe | — | bash | user | UNKNOWN | 9323 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 9308 | nautilus | /home/user/.local/share/nautilus/tags/meta.db-wal | — | — | — |
| 9308 | nautilus | /home/user/.local/share/nautilus/tags/meta.db-shm | — | — | — |
| 9308 | nautilus | /home/user/.local/share/nautilus/tags/.meta.isrunning | — | — | — |
| 9397 | apt | /var/cache/apt/archives/partial/.apt-acquire-privs-test.PzKC4p | — | — | — |
| 9397 | apt | /var/cache/apt/archives/partial/.apt-acquire-privs-test.sivhQS | — | — | — |
| 9397 | apt | /var/cache/apt/archives/partial/.apt-acquire-privs-test.7IOicB | — | — | — |
| 9397 | apt | /var/cache/apt/archives/partial/.apt-acquire-privs-test.t8hpwr | — | — | — |
| 9397 | apt | /var/cache/apt/archives/partial/.apt-acquire-privs-test.kokS1R | — | — | — |
| 9397 | apt | /var/cache/apt/archives/partial/.apt-acquire-privs-test.D0PjRh | — | — | — |
| 9397 | apt | /var/cache/apt/archives/partial/.apt-acquire-privs-test.K5ItLJ | — | — | — |

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| — | — | GET | 200 | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/j/javascript-common/javascript-common_11%2bnmu1_all.deb | unknown | binary | 5.80 Kb | unknown |
| — | — | GET | — | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/e/expat/libexpat1-dev_2.4.7-1ubuntu0.2_amd64.deb | unknown | — | — | unknown |
| — | — | GET | — | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/n/node-jquery/libjs-jquery_3.6.0%2bdfsg%2b%7e3.5.13-1_all.deb | unknown | — | — | unknown |
| — | — | GET | — | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/u/underscore/libjs-underscore_1.13.2%7edfsg-2_all.deb | unknown | — | — | unknown |
| — | — | GET | — | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/s/sphinx/libjs-sphinxdoc_4.3.2-1_all.deb | unknown | — | — | unknown |
| — | — | GET | — | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.11.dfsg-2ubuntu9.2_amd64.deb | unknown | — | — | unknown |
| — | — | GET | — | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/p/python3.10/libpython3.10-dev_3.10.12-1%7e22.04.3_amd64.deb | unknown | — | — | unknown |
| — | — | GET | — | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/p/python3-defaults/libpython3-dev_3.10.6-1%7e22.04_amd64.deb | unknown | — | — | unknown |
| — | — | GET | 404 | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/p/python3-stdlib-extensions/python3-distutils_3.10.8-1%7e22.04_all.deb | unknown | html | 283 b | unknown |
| — | — | GET | — | 91.189.91.82:80 | http://ie.archive.ubuntu.com/ubuntu/pool/main/p/python3.10/python3.10-dev_3.10.12-1%7e22.04.3_amd64.deb | unknown | — | — | unknown |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| — | — | 185.125.188.59:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |
| — | — | 224.0.0.251:5353 | — | — | — | unknown |
| — | — | 91.189.91.82:80 | ie.archive.ubuntu.com | Canonical Group Limited | US | unknown |
| — | — | 185.125.190.39:80 | ie.archive.ubuntu.com | Canonical Group Limited | GB | unknown |
| — | — | 185.125.188.54:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |
| — | — | 185.125.188.55:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |

| Domain | IP | Reputation |
|---|---|---|
| api.snapcraft.io | — | unknown |
| 178.100.168.192.in-addr.arpa | — | unknown |
| connectivity-check.ubuntu.com | — | unknown |
| _http._tcp.ie.archive.ubuntu.com | — | unknown |
| ie.archive.ubuntu.com | — | unknown |

| PID | Process | Class | Message |
|---|---|---|---|
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |
| — | — | Not Suspicious Traffic | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management |