URL: bavel.biz

Full analysis: https://app.any.run/tasks/0cc68702-396f-4a45-b511-d46e56158ea3
Verdict: Malicious activity
Analysis date: July 01, 2024, 08:59:34
OS: Ubuntu 22.04.2
Indicators:
  • MD5: B8FCAD47B9E1C97D015D4ED37F740B00
  • SHA1: 58C018BEED1187ECD179A79C4645C250BE704B0C
  • SHA256: 86E22E77670553F651B00FBC8F30870984665BB1640A4F825480F183114933F2
  • SSDEEP: 3:9an:8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 215
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

sh (no specs) -> sudo (no specs)

Process information

PID 12934
  • CMD: /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome bavel\.biz "
  • Path: /bin/sh
  • Parent process: any-guest-agent
  • User: root
  • Integrity Level: UNKNOWN

PID 12935
  • CMD: sudo -iu user google-chrome bavel.biz
  • Path: /usr/bin/sudo
  • Parent process: sh
  • User: root
  • Integrity Level: UNKNOWN
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 2
TCP/UDP connections: 35
DNS requests: 51
Threats: 0

HTTP requests

Method  HTTP Code  IP                 URL                                    Reputation
GET     204        185.125.190.18:80  http://connectivity-check.ubuntu.com/  unknown
POST    200        184.24.77.71:80    http://r11.o.lencr.org/                unknown

Connections

PID   Process     IP                  Domain                         ASN                      CN  Reputation
-     -           185.125.190.18:80   -                              Canonical Group Limited  GB  unknown
-     -           185.125.190.48:80   -                              Canonical Group Limited  GB  unknown
1195  snap-store  156.146.33.137:443  odrs.gnome.org                 Datacamp Limited         DE  unknown
485   snapd       185.125.188.54:443  api.snapcraft.io               Canonical Group Limited  GB  unknown
485   snapd       185.125.188.59:443  api.snapcraft.io               Canonical Group Limited  GB  unknown
485   snapd       185.125.188.58:443  api.snapcraft.io               Canonical Group Limited  GB  unknown
-     -           185.125.188.59:443  api.snapcraft.io               Canonical Group Limited  GB  unknown
-     -           185.125.188.55:443  api.snapcraft.io               Canonical Group Limited  GB  unknown
-     -           224.0.0.251:5353    -                              -                        -   unknown
-     -           172.217.16.195:443  clientservices.googleapis.com  GOOGLE                   US  unknown

DNS requests

Domain: odrs.gnome.org (reputation: unknown)
  • 156.146.33.137
  • 156.146.33.141
  • 195.181.170.18
  • 212.102.56.181
  • 195.181.175.41
  • 212.102.56.179
  • 156.146.33.15
  • 195.181.175.16
  • 2a02:6ea0:c700::19
  • 2a02:6ea0:c700::22
  • 2a02:6ea0:c700::11
  • 2a02:6ea0:c700::101
  • 2a02:6ea0:c700::10
  • 2a02:6ea0:c700::17
  • 2a02:6ea0:c700::21
  • 2a02:6ea0:c700::18
Domain: api.snapcraft.io (reputation: unknown)
  • 185.125.188.54
  • 185.125.188.59
  • 185.125.188.58
  • 185.125.188.55
Domain: clientservices.googleapis.com (reputation: unknown)
  • 172.217.16.195
Domain: accounts.google.com (reputation: unknown)
  • 64.233.166.84
Domain: bavel.biz (reputation: unknown)
  • 91.126.134.93
Domain: safebrowsingohttpgateway.googleapis.com (reputation: unknown)
  • 216.58.212.138
  • 142.250.186.138
  • 216.58.206.42
  • 142.250.186.170
  • 142.250.185.234
  • 142.250.185.170
  • 142.250.181.234
  • 142.250.185.74
  • 142.250.185.202
  • 142.250.185.106
  • 142.250.186.42
  • 142.250.186.74
  • 172.217.23.106
  • 216.58.212.170
  • 142.250.185.138
  • 216.58.206.74
Domain: google-ohttp-relay-safebrowsing.fastly-edge.com (reputation: unknown)
  • 151.101.65.91
  • 151.101.1.91
  • 151.101.193.91
  • 151.101.129.91
Domain: www.google.com (reputation: unknown)
  • 142.250.186.132
Domain: update.googleapis.com (reputation: unknown)
  • 142.250.181.227
Domain: 197.100.168.192.in-addr.arpa (reputation: unknown)

Threats

No threats detected
No debug info