File name:

and

Full analysis: https://app.any.run/tasks/cbd4eab0-da50-420a-a61c-9c7a8f79a9d6
Verdict: Malicious activity
Analysis date: May 07, 2024, 03:48:03
OS: Ubuntu 22.04.2
MIME: text/plain
File info: ASCII text
MD5:

B3FF85092FDC4A703A778487D7412BD7

SHA1:

858B5B580012BA48CE7B24F3805A6FE405DD93DC

SHA256:

77CD93F80DED52063DABC1DF7607825D7373F94FF0382FF9C970973635E1AF7F

SSDEEP:

48:N0ZGfTCltlp1AxlJ1lKpxzldlOlIil6lQ3l26lvtlW1lsBlp41avl3KVlBKolWbp:e1AlktWf44d+Y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executes commands using command-line interpreter

      • gnome-terminal-server (PID: 9307)

    • Checks DMI information (probably VM detection)

      • systemd-hostnamed (PID: 9287)
      • pipewire (PID: 9403)
      • pulseaudio (PID: 9405)
      • udevadm (PID: 9815)

    • Reads /proc/mounts (likely used to find writable filesystems)

      • fusermount3 (PID: 9462)
      • dbus-daemon (PID: 9415)
      • fusermount3 (PID: 9814)
      • gjs (PID: 9759)
      • fusermount3 (PID: 9816)
      • fusermount3 (PID: 9817)
      • dbus-daemon (PID: 9836)
      • fusermount3 (PID: 9846)
      • fusermount3 (PID: 9906)
      • fusermount3 (PID: 9907)

    • Executes the "rm" command to delete files or directories

      • snapd-desktop-integration (PID: 9818)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
371
Monitored processes
147
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start sh no specs chmod no specs dash no specs dbus-daemon no specs nautilus no specs systemd-hostnamed no specs gnome-terminal no specs gnome-terminal.real no specs gnome-terminal-server no specs bash no specs lesspipe no specs basename no specs dash no specs dirname no specs dircolors no specs dir no specs ls no specs ls no specs ls no specs bash no specs pkill no specs pkill no specs bash no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs default no specs gdm-session-worker no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs gnome-session-ctl no specs systemd no specs pipewire no specs pipewire-media-session no specs pulseaudio no specs snap no specs tracker-extract-3 no specs gdm-wayland-session no specs dbus-daemon no specs xdg-permission-store no specs fusermount3 no specs tracker-miner-fs-3 no specs dbus-daemon no specs at-spi-bus-launcher no specs gvfs-udisks2-volume-monitor no specs gvfs-mtp-volume-monitor no specs systemd-localed no specs systemd no specs dbus-daemon no specs dbus-daemon no specs at-spi2-registryd no specs gjs no specs gsd-sharing no specs gnome-shell no specs gnome-session-binary no specs gsd-datetime no specs gsd-media-keys no specs gsd-screensaver-proxy no specs gsd-sound no specs gsd-a11y-settings no specs gsd-housekeeping no specs gsd-power no specs systemd-hostnamed no specs dbus-daemon no specs xkbcomp no specs ibus-engine-m17n no specs gsd-print-notifications no specs gsd-printer no specs dbus-daemon no specs gvfsd no specs ibus-dconf no specs dbus-daemon no specs ibus-portal no specs ibus-daemon no specs xbrlapi no specs dbus-daemon no specs gjs no specs ibus-engine-simple no specs gdm-session-worker no specs sh no specs whoopsie no specs systemctl no specs gnome-session-ctl no specs sh no specs dbus-update-activation-environment no specs gnome-session-ctl no specs fusermount3 no specs udevadm no specs fusermount3 no specs fusermount3 no specs snapd-desktop-integration no specs snap-seccomp no specs dbus-daemon no specs xdg-document-portal no specs xdg-permission-store no specs fusermount3 no specs snap-confine no specs snap-confine no specs 5 no specs date no specs chmod no specs bash no specs cat no specs md5sum no specs bash no specs cat no specs md5sum no specs grep no specs snapctl no specs snapctl no specs xdg-user-dirs-update no specs bash no specs bash no specs realpath no specs realpath no specs bash no specs bash no specs bash no specs realpath no specs realpath no specs realpath no specs bash no specs bash no specs realpath no specs realpath no specs bash no specs realpath no specs ln no specs rm no specs ln no specs snapd-desktop-integration no specs fusermount3 no specs fusermount3 no specs systemd-user-runtime-dir no specs tracker-extract-3 no specs gvfsd-metadata no specs gdm-session-worker no specs gdm-session-worker no specs

Process information

PID
CMD
Path
Indicators
Parent process
9258/bin/sh -c "chmod 777 and ; \./and "/bin/shany-guest-agent
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
9259chmod 777 and/usr/bin/chmodsh
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
9260/bin/sh -c "chmod 777 and ; \./and "/usr/bin/dashsh
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
9268/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only/usr/bin/dbus-daemondbus-daemon
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
9269/usr/bin/nautilus --gapplication-service/usr/bin/nautilusdbus-daemon
User:
user
Integrity Level:
UNKNOWN
Exit code:
9665
9287/lib/systemd/systemd-hostnamed/lib/systemd/systemd-hostnamedsystemd
User:
root
Integrity Level:
UNKNOWN
Exit code:
209
9300/usr/bin/python3 /usr/bin/gnome-terminal/usr/bin/gnome-terminalgnome-shell
User:
user
Integrity Level:
UNKNOWN
Exit code:
1
9302/usr/bin/gnome-terminal.real/usr/bin/gnome-terminal.realgnome-terminal
User:
user
Integrity Level:
UNKNOWN
Exit code:
416
9307/usr/libexec/gnome-terminal-server/usr/libexec/gnome-terminal-serversystemd
User:
user
Integrity Level:
UNKNOWN
Exit code:
9302
9325bash/bin/bashgnome-terminal-server
User:
user
Integrity Level:
UNKNOWN
Exit code:
9307
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
9269nautilus/home/user/.local/share/nautilus/tags/meta.db-wal
MD5:
SHA256:
9269nautilus/home/user/.local/share/nautilus/tags/meta.db-shm
MD5:
SHA256:
9269nautilus/home/user/.local/share/nautilus/tags/.meta.isrunning
MD5:
SHA256:
9390systemd/user.slice/user-128.slice/user@128.service/session.slice/pipewire.service/cgroup.subtree_control
MD5:
SHA256:
9390systemd/user.slice/user-128.slice/user@128.service/session.slice/pipewire-media-session.service/cgroup.subtree_control
MD5:
SHA256:
9390systemd/user.slice/user-128.slice/user@128.service/session.slice/pulseaudio.service/cgroup.subtree_control
MD5:
SHA256:
9390systemd/user.slice/user-128.slice/user@128.service/app.slice/snap.snapd-desktop-integration.snapd-desktop-integration.service/cgroup.subtree_control
MD5:
SHA256:
9390systemd/user.slice/user-128.slice/user@128.service/background.slice/tracker-extract-3.service/cgroup.subtree_control
MD5:
SHA256:
9390systemd/user.slice/user-128.slice/user@128.service/app.slice/dbus.service/cgroup.subtree_control
MD5:
SHA256:
9390systemd/user.slice/user-128.slice/user@128.service/app.slice/xdg-permission-store.service/cgroup.subtree_control
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
6
DNS requests
6
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
185.125.190.97:80
http://connectivity-check.ubuntu.com/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
185.125.190.97:80
Canonical Group Limited
GB
unknown
91.189.91.49:80
Canonical Group Limited
US
unknown
224.0.0.251:5353
unknown
185.125.188.59:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
185.125.188.55:443
api.snapcraft.io
Canonical Group Limited
GB
unknown

DNS requests

Domain
IP
Reputation
134.100.168.192.in-addr.arpa
unknown
connectivity-check.ubuntu.com
  • 2620:2d:4000:1::96
  • 2620:2d:4002:1::198
  • 2620:2d:4002:1::197
  • 2001:67c:1562::23
  • 2620:2d:4000:1::22
  • 2620:2d:4000:1::98
  • 2620:2d:4000:1::23
  • 2620:2d:4000:1::2a
  • 2620:2d:4000:1::97
  • 2620:2d:4002:1::196
  • 2620:2d:4000:1::2b
  • 2001:67c:1562::24
unknown
api.snapcraft.io
  • 185.125.188.59
  • 185.125.188.55
  • 185.125.188.54
  • 185.125.188.58
unknown

Threats

No threats detected
No debug info