File name:

CamXploit-main.zip

Full analysis: https://app.any.run/tasks/85ca35db-7185-4ad9-9f87-9f75fba1b638
Verdict: Malicious activity
Analysis date: April 29, 2025, 07:20:48
OS: Ubuntu 22.04.2
Tags:
arch-doc
evasion
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

8CE66D9CBA0BDB05A4504E3A41102B25

SHA1:

338E500E4A8F35058F20D779611864C5D3B6B66E

SHA256:

2DDC6C88BB226A0BF5581DB23055095EFF35C14B5E9F8B9A53F2E256138475ED

SSDEEP:

12288:jDx++IpVLI5yHRuHla+i4hiRM9Qz1ExSKnpCIa:jDx++IpVPHRuFa+5iRM9QyxScpCIa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executes commands using command-line interpreter

      • sudo (PID: 40665)
      • gnome-terminal-server (PID: 40763)

    • Reads profile file

      • file-roller (PID: 40666)

    • Reads passwd file

      • file-roller (PID: 40666)

    • Checks for external IP

      • python3.10 (PID: 40792)
      • systemd-resolved (PID: 445)

    • Connects to unusual port

      • python3.10 (PID: 40792)

  • INFO

    • Checks timezone

      • file-roller (PID: 40666)
      • 7z (PID: 40682)
      • python3.10 (PID: 40756)
      • python3.10 (PID: 40792)

    • Creates file in the temporary folder

      • nautilus (PID: 40735)
      • gdk-pixbuf-thumbnailer (PID: 40754)
      • gdk-pixbuf-thumbnailer (PID: 40751)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:04:28 07:12:46
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: CamXploit-main/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
255
Monitored processes
34
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start dash no specs sudo no specs file-roller no specs locale-check no specs 7z no specs systemctl no specs systemctl no specs systemctl no specs systemctl no specs gvfsd-network no specs systemd-hostnamed no specs gvfsd-smb-browse gvfsd-dnssd no specs 7z no specs tracker-extract-3 no specs dbus-daemon no specs nautilus no specs bwrap no specs bwrap no specs gdk-pixbuf-thumbnailer no specs bwrap no specs bwrap no specs gdk-pixbuf-thumbnailer no specs python3.10 no specs gnome-terminal.real no specs gnome-terminal-server no specs bash no specs dash no specs dircolors no specs basename no specs dash no specs dirname no specs python3.10 systemd-resolved

Process information

PID
CMD
Path
Indicators
Parent process
445/lib/systemd/systemd-resolved/usr/lib/systemd/systemd-resolved
systemd
User:
systemd-resolve
Integrity Level:
UNKNOWN
40664/bin/sh -c "DISPLAY=:0 sudo -iu user file-roller /tmp/CamXploit-main\.zip "/usr/bin/dashany-guest-agent
User:
user
Integrity Level:
UNKNOWN
40665sudo -iu user file-roller /tmp/CamXploit-main.zip/usr/bin/sudodash
User:
root
Integrity Level:
UNKNOWN
40666file-roller /tmp/CamXploit-main.zip/usr/bin/file-rollersudo
User:
user
Integrity Level:
UNKNOWN
40667/usr/bin/locale-check C.UTF-8/usr/bin/locale-checkfile-roller
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
40682/usr/lib/p7zip/7z l -slt -bd -y -- /tmp/CamXploit-main.zip/usr/lib/p7zip/7zfile-roller
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
40683systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
40685systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
40686systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
40687systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Executable files
0
Suspicious files
4
Text files
7
Unknown types
0

Dropped files

PID
Process
Filename
Type
407197z/home/user/Desktop/CamXploit-main/CCTV recon.jpgimage
MD5:
SHA256:
407197z/home/user/Desktop/CamXploit-main/CamXploit.pytext
MD5:
SHA256:
407197z/home/user/Desktop/CamXploit-main/LICENSEtext
MD5:
SHA256:
407197z/home/user/Desktop/CamXploit-main/README.mdhtml
MD5:
SHA256:
407197z/home/user/Desktop/CamXploit-main/demo.pngimage
MD5:
SHA256:
407197z/home/user/Desktop/CamXploit-main/requirements.txttext
MD5:
SHA256:
40666file-roller/home/user/.local/share/recently-used.xbelxml
MD5:
SHA256:
40735nautilus/tmp/flatpak-seccomp-Y2N052 (deleted)binary
MD5:
SHA256:
40735nautilus/home/user/.cache/thumbnails/large/b627d4550cbd6f616ef97cc8001e73a2.png.EQD252binary
MD5:
SHA256:
40735nautilus/tmp/flatpak-seccomp-ZHT152 (deleted)binary
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
26
DNS requests
12
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
91.189.91.97:80
http://connectivity-check.ubuntu.com/
unknown
whitelisted
GET
204
91.189.91.97:80
http://connectivity-check.ubuntu.com/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
91.189.91.97:80
Canonical Group Limited
US
unknown
484
avahi-daemon
224.0.0.251:5353
unknown
195.181.170.18:443
odrs.gnome.org
Datacamp Limited
DE
whitelisted
512
snapd
185.125.188.55:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
512
snapd
185.125.188.58:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
512
snapd
185.125.188.59:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
512
snapd
185.125.188.54:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
40705
gvfsd-smb-browse
192.168.100.255:137
whitelisted
40792
python3.10
34.117.59.81:443
ipinfo.io
GOOGLE-CLOUD-PLATFORM
US
whitelisted
40792
python3.10
129.23.232.233:80
US
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.181.238
  • 2a00:1450:4001:829::200e
whitelisted
odrs.gnome.org
  • 195.181.170.18
  • 207.211.211.26
  • 37.19.194.81
  • 195.181.175.41
  • 169.150.255.181
  • 169.150.255.183
  • 212.102.56.179
  • 2a02:6ea0:c700::112
  • 2a02:6ea0:c700::11
  • 2a02:6ea0:c700::101
  • 2a02:6ea0:c700::19
  • 2a02:6ea0:c700::107
  • 2a02:6ea0:c700::21
  • 2a02:6ea0:c700::18
whitelisted
api.snapcraft.io
  • 185.125.188.55
  • 185.125.188.58
  • 185.125.188.59
  • 185.125.188.54
  • 2620:2d:4000:1010::6d
  • 2620:2d:4000:1010::344
  • 2620:2d:4000:1010::117
  • 2620:2d:4000:1010::42
whitelisted
4.100.168.192.in-addr.arpa
unknown
connectivity-check.ubuntu.com
  • 2620:2d:4000:1::23
  • 2620:2d:4000:1::98
  • 2620:2d:4000:1::97
  • 2620:2d:4002:1::198
  • 2620:2d:4002:1::197
  • 2001:67c:1562::23
  • 2620:2d:4000:1::2a
  • 2620:2d:4000:1::96
  • 2620:2d:4000:1::22
  • 2620:2d:4000:1::2b
  • 2620:2d:4002:1::196
  • 2001:67c:1562::24
whitelisted
ipinfo.io
  • 34.117.59.81
whitelisted

Threats

PID
Process
Class
Message
445
systemd-resolved
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
445
systemd-resolved
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
40792
python3.10
Device Retrieving External IP Address Detected
ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CamXploit-main.zip