File name: | b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf |
Full analysis: | https://app.any.run/tasks/758820fb-9a9d-45e6-b415-d9d300786b96 |
Verdict: | Malicious activity |
Analysis date: | May 02, 2024, 10:08:52 |
OS: | Ubuntu 22.04.2 |
MIME: | application/x-executable |
File info: | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped |
MD5: | 3023EAF453A136A0B72DE7D45EC57ABF |
SHA1: | 5B482B248863FCB84CCC6FA6EFC5E4A0807D36E3 |
SHA256: | B316E3EE6D724D6515E4D9D85928A0A4ECDB4259EEB3F1278E89D3E8E4697DB4 |
SSDEEP: | 1536:3UoikAzQl+3uAmkoUWtTbT4rYzXkXDfffCxN6Dvc8FH6S:EoikAzQl+3uAmkoUpYzufXCCQ3S |
.o | | | ELF Executable and Linkable format (generic) (49.8) |
---|
CPUType: | i386 |
---|---|
ObjectFileType: | Executable file |
CPUByteOrder: | Little endian |
CPUArchitecture: | 32 bit |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
9265 | /bin/sh -c "sudo chown user /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4\.elf\.o && chmod +x /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4\.elf\.o && DISPLAY=:0 sudo -iu user /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4\.elf\.o " | /bin/sh | — | any-guest-agent |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
9266 | sudo chown user /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | /usr/bin/sudo | — | sh |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
9267 | chown user /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | /usr/bin/chown | — | sudo |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
9268 | chmod +x /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | /usr/bin/chmod | — | sh |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
9269 | sudo -iu user /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | /usr/bin/sudo | — | sh |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
9270 | /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | — | sudo |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
9271 | /usr/bin/locale-check C.UTF-8 | /usr/bin/locale-check | — | b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
9272 | httpd 316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | — | b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o |
User: user Integrity Level: UNKNOWN | ||||
9273 | httpd 316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | /tmp/b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o | — | b316e3ee6d724d6515e4d9d85928a0a4ecdb4259eeb3f1278e89d3e8e4697db4.elf.o |
User: user Integrity Level: UNKNOWN | ||||
9274 | /usr/libexec/gnome-session-ctl --exec-stop-check | /usr/libexec/gnome-session-ctl | — | systemd |
User: user Integrity Level: UNKNOWN Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
9312 | systemd | /systemd/inaccessible/reg | — | |
MD5:— | SHA256:— | |||
9317 | systemd-xdg-autostart-generator | /systemd/generator.late/app-nm\[email protected] | — | |
MD5:— | SHA256:— | |||
9317 | systemd-xdg-autostart-generator | /systemd/generator.late/app-im\[email protected] | — | |
MD5:— | SHA256:— | |||
9317 | systemd-xdg-autostart-generator | /systemd/generator.late/[email protected] | — | |
MD5:— | SHA256:— | |||
9317 | systemd-xdg-autostart-generator | /systemd/generator.late/app-ubuntu\x2dadvantage\[email protected] | — | |
MD5:— | SHA256:— | |||
9317 | systemd-xdg-autostart-generator | /systemd/generator.late/app-user\x2ddirs\x2dupdate\[email protected] | — | |
MD5:— | SHA256:— | |||
9317 | systemd-xdg-autostart-generator | /systemd/generator.late/app-snap\x2duserd\[email protected] | — | |
MD5:— | SHA256:— | |||
9317 | systemd-xdg-autostart-generator | /systemd/generator.late/app-ubuntu\x2dreport\x2don\[email protected] | — | |
MD5:— | SHA256:— | |||
9317 | systemd-xdg-autostart-generator | /systemd/generator.late/app-print\[email protected] | — | |
MD5:— | SHA256:— | |||
9317 | systemd-xdg-autostart-generator | /systemd/generator.late/app-ibus\x2dmozc\x2dgnome\x2dinitial\[email protected] | — | |
MD5:— | SHA256:— |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 185.125.188.55:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |
— | — | 185.125.188.59:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |
— | — | 224.0.0.251:5353 | — | — | — | unknown |
— | — | 89.190.156.145:7733 | — | Alsycon B.V. | NL | unknown |
— | — | 94.156.79.215:33966 | cnc.voidnet.space | Vivacom | BG | unknown |
Domain | IP | Reputation |
---|---|---|
api.snapcraft.io |
| unknown |
cnc.voidnet.space |
| unknown |
22.100.168.192.in-addr.arpa |
| unknown |
connectivity-check.ubuntu.com |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc Attack | ET DROP Spamhaus DROP Listed Traffic Inbound group 13 |
— | — | Misc Attack | ET DROP Spamhaus DROP Listed Traffic Inbound group 15 |