URL:

https://shre.ink/cancelar-compra-online24

Full analysis: https://app.any.run/tasks/e345c5e7-370e-41ff-9aa3-8b5acf1ef65a
Verdict: Malicious activity
Analysis date: July 31, 2024, 21:52:12
OS: Ubuntu 22.04.2
Tags:
phishing
MD5:

AA1DF0B51F20BD94231FFA3F43D90B26

SHA1:

2D573CD77A5C9ABB23446F9FAB54B06BF93C356A

SHA256:

38CEB653E32CFD49F41370D01055F9F75CC790F4D23B4B72EA7304C58101CE2A

SSDEEP:

3:N8AeKOGszKEC:2AupKP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • systemd-resolved (PID: 425)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
300
Monitored processes
88
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
sh no specs sudo no specs chrome locale-check no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs chrome no specs chrome_crashpad_handler no specs chrome_crashpad_handler no specs chrome_crashpad_handler no specs chrome no specs chrome no specs chrome no specs nacl_helper no specs nacl_helper no specs chrome no specs chrome no specs chrome no specs xdg-settings no specs dbus-send no specs which no specs dash no specs basename no specs dash no specs grep no specs cut no specs dash no specs which no specs readlink no specs dash no specs xdg-mime no specs dbus-send no specs which no specs dash no specs awk no specs cut no specs dash no specs basename no specs dash no specs grep no specs cut no specs dash no specs chrome no specs which no specs readlink no specs dash no specs xdg-mime no specs dbus-send no specs which no specs dash no specs awk no specs cut no specs dash no specs basename no specs dash no specs grep no specs cut no specs dash no specs which no specs readlink no specs chrome no specs systemctl no specs systemctl no specs chrome no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs systemctl no specs systemctl no specs systemctl no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs #PHISHING systemd-resolved chrome no specs chrome no specs chrome no specs chrome no specs

Process information

PID
CMD
Path
Indicators
Parent process
425/lib/systemd/systemd-resolved/usr/lib/systemd/systemd-resolved
systemd
User:
systemd-resolve
Integrity Level:
UNKNOWN
12921/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome https://shre\.ink/cancelar-compra-online24 "/bin/shany-guest-agent
User:
root
Integrity Level:
UNKNOWN
12922sudo -iu user google-chrome https://shre.ink/cancelar-compra-online24/usr/bin/sudosh
User:
root
Integrity Level:
UNKNOWN
12923/usr/bin/google-chrome https://shre.ink/cancelar-compra-online24/opt/google/chrome/chrome
sudo
User:
user
Integrity Level:
UNKNOWN
12924/usr/bin/locale-check C.UTF-8/usr/bin/locale-checkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
12925readlink -f /usr/bin/google-chrome/usr/bin/readlinkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
12926dirname /opt/google/chrome/google-chrome/usr/bin/dirnamechrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
12927mkdir -p /home/user/.local/share/applications/usr/bin/mkdirchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
12928cat/usr/bin/catchrome
User:
user
Integrity Level:
UNKNOWN
12929cat/usr/bin/catchrome
User:
user
Integrity Level:
UNKNOWN
Executable files
0
Suspicious files
98
Text files
2
Unknown types
3

Dropped files

PID
Process
Filename
Type
12923chrome/home/user/.config/google-chrome/ShaderCache/data_3vxd
MD5:
SHA256:
12923chrome/home/user/.config/google-chrome/ShaderCache/data_2vxd
MD5:
SHA256:
12923chrome/home/user/.config/google-chrome/ShaderCache/data_0vxd
MD5:
SHA256:
12923chrome/home/user/.config/google-chrome/Default/GPUCache/data_3vxd
MD5:
SHA256:
12923chrome/home/user/.config/google-chrome/Default/GPUCache/data_2vxd
MD5:
SHA256:
12923chrome/home/user/.config/google-chrome/Default/GPUCache/data_0binary
MD5:
SHA256:
12923chrome/home/user/.config/google-chrome/Default/DawnCache/data_3vxd
MD5:
SHA256:
12923chrome/home/user/.config/google-chrome/Default/DawnCache/data_2binary
MD5:
SHA256:
12923chrome/home/user/.config/google-chrome/Default/DawnCache/data_0vxd
MD5:
SHA256:
12966chrome/home/user/.cache/mesa_shader_cache/indexkoa
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
56
DNS requests
138
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
185.125.190.49:80
http://connectivity-check.ubuntu.com/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
185.125.190.18:80
connectivity-check.ubuntu.com
Canonical Group Limited
GB
unknown
470
avahi-daemon
224.0.0.251:5353
unknown
185.125.190.49:80
connectivity-check.ubuntu.com
Canonical Group Limited
GB
unknown
195.181.175.40:443
odrs.gnome.org
Datacamp Limited
DE
unknown
142.250.185.195:443
clientservices.googleapis.com
GOOGLE
US
whitelisted
12923
chrome
239.255.255.250:1900
whitelisted
108.177.15.84:443
accounts.google.com
GOOGLE
US
unknown
142.250.186.74:443
safebrowsingohttpgateway.googleapis.com
GOOGLE
US
whitelisted
54.87.217.210:443
shre.ink
AMAZON-AES
US
unknown
151.101.193.91:443
google-ohttp-relay-safebrowsing.fastly-edge.com
FASTLY
US
unknown

DNS requests

Domain
IP
Reputation
connectivity-check.ubuntu.com
  • 185.125.190.18
  • 91.189.91.49
  • 91.189.91.48
  • 91.189.91.96
  • 185.125.190.17
  • 185.125.190.98
  • 91.189.91.97
  • 185.125.190.96
  • 185.125.190.49
  • 185.125.190.48
  • 91.189.91.98
  • 185.125.190.97
  • 2620:2d:4000:1::2b
  • 2620:2d:4000:1::2a
  • 2620:2d:4000:1::97
  • 2620:2d:4000:1::96
  • 2620:2d:4000:1::22
  • 2001:67c:1562::24
  • 2001:67c:1562::23
  • 2620:2d:4002:1::196
  • 2620:2d:4002:1::198
  • 2620:2d:4000:1::23
  • 2620:2d:4002:1::197
  • 2620:2d:4000:1::98
whitelisted
google.com
  • 142.250.185.142
  • 2a00:1450:4001:810::200e
whitelisted
odrs.gnome.org
  • 195.181.175.40
  • 138.199.37.38
  • 138.199.37.40
  • 156.146.33.15
  • 138.199.37.25
  • 195.181.170.19
  • 156.146.33.138
  • 212.102.56.178
  • 2a02:6ea0:c700::107
  • 2a02:6ea0:c700::17
  • 2a02:6ea0:c700::21
  • 2a02:6ea0:c700::19
  • 2a02:6ea0:c700::112
  • 2a02:6ea0:c700::101
  • 2a02:6ea0:c700::11
  • 2a02:6ea0:c700::18
whitelisted
clientservices.googleapis.com
  • 142.250.185.195
whitelisted
accounts.google.com
  • 108.177.15.84
whitelisted
shre.ink
  • 54.87.217.210
  • 52.5.123.7
unknown
safebrowsingohttpgateway.googleapis.com
  • 142.250.186.74
  • 172.217.23.106
  • 172.217.18.10
  • 142.250.186.42
  • 142.250.185.202
  • 216.58.206.42
  • 142.250.184.234
  • 142.250.185.106
  • 142.250.185.170
  • 142.250.186.138
  • 142.250.181.234
  • 142.250.184.202
  • 142.250.185.74
  • 142.250.186.106
  • 142.250.185.234
  • 142.250.185.138
whitelisted
google-ohttp-relay-safebrowsing.fastly-edge.com
  • 151.101.193.91
  • 151.101.1.91
  • 151.101.129.91
  • 151.101.65.91
unknown
www.googletagmanager.com
  • 142.250.185.232
whitelisted
scripts.cleverwebserver.com
  • 172.64.154.9
  • 104.18.33.247
unknown

Threats

PID
Process
Class
Message
425
systemd-resolved
Misc activity
ET INFO DNS Query to Online Application Hosting Domain (glitch .me)
425
systemd-resolved
Misc activity
ET INFO DNS Query to Online Application Hosting Domain (glitch .me)
425
systemd-resolved
Possible Social Engineering Attempted
ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
425
systemd-resolved
Possible Social Engineering Attempted
ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
Misc activity
ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)
Misc activity
ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)
Possible Social Engineering Attempted
ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
Possible Social Engineering Attempted
ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
Misc activity
ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)
425
systemd-resolved
Misc activity
ET INFO DNS Query to Online Application Hosting Domain (glitch .me)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://shre.ink/cancelar-compra-online24