File name: | 314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf |
Full analysis: | https://app.any.run/tasks/91de09d9-365f-471f-97a0-b1599885d977 |
Verdict: | Malicious activity |
Threats: | A botnet is a group of internet-connected devices that are controlled by a single individual or group, often without the knowledge or consent of the device owners. These devices can be used to launch a variety of malicious attacks, such as distributed denial-of-service (DDoS) attacks, spam campaigns, and data theft. Botnet malware is the software that is used to infect devices and turn them into part of a botnet. |
Analysis date: | May 01, 2024, 08:14:55 |
OS: | Ubuntu 22.04.2 |
Tags: | |
MIME: | application/x-executable |
File info: | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped |
MD5: | 7B2FB9CAC8B5C666B7A3190E53F4BF98 |
SHA1: | 6FD296E296F522A1C5262029618801DF542959F5 |
SHA256: | 314C86D10CA98A0BB8F424C583985AD2BFFA4A12CE72A7F9E56C2D4D42096BC4 |
SSDEEP: | 3072:aH+z/tq86X1YlxXUiQYQy7SQnTuCfRLxJViymbp:aH+z/tq86X1YlxXBQYQy7SQnyCfRUymd |
.o | | | ELF Executable and Linkable format (generic) (100) |
---|
CPUType: | AMD x86-64 |
---|---|
ObjectFileType: | Executable file |
CPUByteOrder: | Little endian |
CPUArchitecture: | 64 bit |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
9257 | /bin/sh -c "sudo chown user /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4\.elf\.o && chmod +x /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4\.elf\.o && DISPLAY=:0 sudo -iu user /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4\.elf\.o " | /bin/sh | — | any-guest-agent |
User: root Integrity Level: UNKNOWN | ||||
9258 | sudo chown user /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o | /usr/bin/sudo | — | sh |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
9259 | chown user /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o | /usr/bin/chown | — | sudo |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
9260 | chmod +x /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o | /usr/bin/chmod | — | sh |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
9261 | sudo -iu user /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o | /usr/bin/sudo | — | sh |
User: root Integrity Level: UNKNOWN | ||||
9262 | /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o | /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o | — | sudo |
User: user Integrity Level: UNKNOWN | ||||
9263 | /usr/bin/locale-check C.UTF-8 | /usr/bin/locale-check | — | 314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
9264 | httpd 14c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o | /tmp/314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o | — | 314c86d10ca98a0bb8f424c583985ad2bffa4a12ce72a7f9e56c2d4d42096bc4.elf.o |
User: user Integrity Level: UNKNOWN | ||||
9267 | /usr/libexec/gnome-session-ctl --exec-stop-check | /usr/libexec/gnome-session-ctl | — | systemd |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
9270 | /usr/libexec/gsd-rfkill | /usr/libexec/gsd-rfkill | — | systemd |
User: user Integrity Level: UNKNOWN Exit code: 496 |
PID | Process | Filename | Type | |
---|---|---|---|---|
9323 | systemd | /user.slice/user-128.slice/[email protected]/app.slice/cgroup.subtree_control | — | |
MD5:— | SHA256:— | |||
9323 | systemd | /user.slice/user-128.slice/[email protected]/background.slice/cgroup.subtree_control | — | |
MD5:— | SHA256:— | |||
9323 | systemd | /user.slice/user-128.slice/[email protected]/session.slice/cgroup.subtree_control | — | |
MD5:— | SHA256:— | |||
9323 | systemd | /user.slice/user-128.slice/[email protected]/app.slice/dbus.socket/cgroup.subtree_control | — | |
MD5:— | SHA256:— | |||
9323 | systemd | /user.slice/user-128.slice/[email protected]/app.slice/gvfs-mtp-volume-monitor.service/cgroup.subtree_control | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 204 | 91.189.91.48:80 | http://connectivity-check.ubuntu.com/ | unknown | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 91.189.91.48:80 | — | Canonical Group Limited | US | unknown |
— | — | 185.125.190.18:80 | — | Canonical Group Limited | GB | unknown |
— | — | 185.125.190.96:80 | — | Canonical Group Limited | GB | unknown |
— | — | 156.146.33.141:443 | — | Datacamp Limited | DE | unknown |
— | — | 224.0.0.251:5353 | — | — | — | unknown |
— | — | 89.190.156.145:7733 | — | Alsycon B.V. | NL | unknown |
— | — | 94.156.8.76:33966 | net.kovey-net.xyz | Vivacom | BG | unknown |
Domain | IP | Reputation |
---|---|---|
net.kovey-net.xyz |
| malicious |
85.100.168.192.in-addr.arpa |
| unknown |
connectivity-check.ubuntu.com |
| unknown |
api.snapcraft.io |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
— | — | Malware Command and Control Activity Detected | BOTNET [ANY.RUN] Possible Mirai.Gen (Linux) |
— | — | Malware Command and Control Activity Detected | BOTNET [ANY.RUN] Possible Mirai.Gen (Linux) |