Malware analysis dl.drp.su Malicious activity | ANY.RUN

Add for printing

URL:	dl.drp.su
Full analysis:	https://app.any.run/tasks/b0a5f491-6b97-46fe-b9ba-7629da4f5bdb
Verdict:	Malicious activity
Analysis date:	March 28, 2024, 02:56:59
OS:	Ubuntu 22.04.2
MD5:	66F5522ACF1738B0344BEE205C0747DC
SHA1:	C96567DE59BA1A618DDE6548E03D788FE4AAC34C
SHA256:	857B4AC444A7E6ADE2A0BB661B0BEC460978227EBA6AE88E3A8EC49515031817
SSDEEP:	3:dXAQn:KQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

298

Monitored processes

78

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
9289	/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome \"dl\.drp\.su\" "	/bin/sh	—	any-guest-agent
User: root Integrity Level: UNKNOWN
9290	sudo -iu user google-chrome dl.drp.su	/usr/bin/sudo	—	sh
User: root Integrity Level: UNKNOWN
9291	/usr/bin/google-chrome dl.drp.su	/opt/google/chrome/chrome	—	sudo
User: user Integrity Level: UNKNOWN
9292	/usr/bin/locale-check C.UTF-8	/usr/bin/locale-check	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
9293	readlink -f /usr/bin/google-chrome	/usr/bin/readlink	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
9294	dirname /opt/google/chrome/google-chrome	/usr/bin/dirname	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
9295	mkdir -p /home/user/.local/share/applications	/usr/bin/mkdir	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
9296	cat	/usr/bin/cat	—	chrome
User: user Integrity Level: UNKNOWN
9297	cat	/usr/bin/cat	—	chrome
User: user Integrity Level: UNKNOWN
9298		/opt/google/chrome/chrome	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0

Add for printing

Executable files

0

Suspicious files

0

Text files

0

Unknown types

0

Dropped files

PID	Process	Filename		Type
9291	chrome	/9291/fd/63		—
		MD5:—	SHA256:—
9291	chrome	/home/user/.config/google-chrome/BrowserMetrics/BrowserMetrics-6604DC80-244B.pma		—
		MD5:—	SHA256:—
9291	chrome	/home/user/.config/google-chrome/Default/discounts_db/LOG		—
		MD5:—	SHA256:—
9291	chrome	/home/user/.config/google-chrome/Default/chrome_cart_db/LOG		—
		MD5:—	SHA256:—
9291	chrome	/home/user/.config/google-chrome/Default/commerce_subscription_db/LOG		—
		MD5:—	SHA256:—
9291	chrome	/home/user/.config/google-chrome/Default/LOG		—
		MD5:—	SHA256:—
9291	chrome	/home/user/.config/google-chrome/Default/PersistentOriginTrials/LOG		—
		MD5:—	SHA256:—
9291	chrome	/home/user/.config/google-chrome/Default/coupon_db/LOG		—
		MD5:—	SHA256:—
9291	chrome	/home/user/.config/google-chrome/Default/parcel_tracking_db/LOG		—
		MD5:—	SHA256:—
9291	chrome	/home/user/.config/google-chrome/Default/Local Storage/leveldb/LOG		—
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

0

TCP/UDP connections

0

DNS requests

18

Threats

15

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

Domain	IP	Reputation
clientservices.googleapis.com	142.250.186.35	whitelisted
accounts.google.com	173.194.69.84	shared
dl.drp.su	87.117.239.150 87.117.231.157 81.94.192.167 87.117.239.151	whitelisted
download.drp.su	—	unknown
dl.driverpack.io	87.117.239.151 87.117.231.157 81.94.192.167 87.117.239.150	unknown
download-storage.driverpack.io	95.154.194.108	unknown
update.googleapis.com	142.250.184.227	whitelisted
75.100.168.192.in-addr.arpa	—	unknown
www.google.com	142.250.185.132	whitelisted

Threats

PID	Process	Class	Message
—	—	Possibly Unwanted Program Detected	ET ADWARE_PUP DriverPack Domain in DNS Query
—	—	Potentially Bad Traffic	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
—	—	Potentially Bad Traffic	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
—	—	Possibly Unwanted Program Detected	ET ADWARE_PUP DriverPack Domain in DNS Query
—	—	Possibly Unwanted Program Detected	ET ADWARE_PUP Observed DNS Query to DriverPack Domain ( .drp .su)
—	—	Possibly Unwanted Program Detected	ET ADWARE_PUP Observed DNS Query to DriverPack Domain ( .drp .su)
—	—	Potentially Bad Traffic	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
—	—	Possibly Unwanted Program Detected	ET ADWARE_PUP DriverPack Domain in DNS Query
—	—	Potentially Bad Traffic	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
—	—	Possibly Unwanted Program Detected	ET ADWARE_PUP DriverPack Domain in DNS Query

Add for printing

No debug info

General Info

dl.drp.su

66F5522ACF1738B0344BEE205C0747DC

C96567DE59BA1A618DDE6548E03D788FE4AAC34C

857B4AC444A7E6ADE2A0BB661B0BEC460978227EBA6AE88E3A8EC49515031817

3:dXAQn:KQ

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings