File name: auditlogd
Full analysis: https://app.any.run/tasks/b9bbae58-01b0-4e6c-98c4-91e07a320bf0
Verdict: Malicious activity
Analysis date: April 29, 2025, 02:51:00
OS: Ubuntu 22.04.2
MIME: application/x-pie-executable
File info: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=c945e2bbe9bba0654c74d1eba921e9b3cfbd97dc, for GNU/Linux 3.2.0, stripped
MD5: C3AF4ADC99C4BCB14EBBCC4E4523D37A
SHA1: 0676EDEC495DF2CF93B504DD6E768C86C374CF20
SHA256: B7CABB72ECD623AD33A1CDDC16434804BB178FB6E9567BFC4DFB1452949A9CD3
SSDEEP: 768:hVB/aH78jLLTbjrz7DLTbjrzVVVVVVVVVVVVVVVV7DLTbjrz7DLTbjrzVVVVVVVy:fkglvZHrUJc9vRGmOp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Adds/modifies system service, likely for persistence

      • auditlogd.elf (PID: 39509)
  • SUSPICIOUS

    • Modifies file or directory owner

      • sudo (PID: 39495)
    • Creates or rewrites file in the "bin" folder

      • auditlogd.elf (PID: 39509)
    • Executes commands using command-line interpreter

      • sudo (PID: 39498)
    • Reads passwd file

      • auditlogd.elf (PID: 39499)
    • Reads profile file

      • auditlogd.elf (PID: 39499)
    • Writes to Systemd service files (likely for persistence)

      • auditlogd.elf (PID: 39508)
      • systemd (PIDs: 39516, 39550, 39584, 39620, 39654, 39691, 39717, 39739, 39767, 39791, 39813, 39841, 39865, 39898, 39926, 39950, 39972, 40000, 40024, 40046, 40070)
    • Changes time attributes to hide new files or changes to existing ones

      • find (PIDs: 39537, 39571, 39607, 39641, 39675)
  • INFO

    • Creates file in the temporary folder

      • auditlogd.elf (PID: 39507)

Reading these signatures: the two sudo hits (PIDs 39495 and 39498) are the sandbox's own launch chain (chown, chmod, then sudo -i, see Process information below), not behaviour of the sample. The 21 systemd hits are systemd re-running its unit generators after each systemctl call, which is the repeating cycle visible in the behavior graph; the generators write generated units under /run/systemd, and systemd-sysv-generator is what turns the dropped /etc/init.d scripts into service units. The write that matters for persistence is the sample's own (auditlogd.elf, PID 39508) together with the files it creates under /etc/init.d, /usr/bin, /usr/sbin and /var/lib (see Dropped files). The five find hits are the timestamp changes applied to those files: each find is followed by a burst of touch calls in the behavior graph.
No Malware configuration.

TRiD: .o | ELF Executable and Linkable format (generic) (49.8)

EXIF (EXE): CPUArchitecture 64 bit; CPUByteOrder Little endian; ObjectFileType Shared object file (ET_DYN, as expected for a PIE); CPUType AMD x86-64
Total processes: 804
Monitored processes: 585
Malicious processes: 1
Suspicious processes: 1

Behavior graph

The graph on the page is a flat list of process names, almost all marked "no specs" (no signatures); only auditlogd.elf nodes carry signatures. It starts with the launch chain (dash, sudo, chown, chmod, sudo, auditlogd.elf, locale-check, bash, mesg, tr, cat) and then repeats one cycle roughly twenty times: systemctl, systemd running its full generator set (snapd-env-generator, snapd-generator, generate, systemd-bless-boot-generator, systemd-cryptsetup-generator, systemd-debug-generator, systemd-fstab-generator, systemd-getty-generator, systemd-gpt-auto-generator, systemd-hibernate-resume-generator, systemd-rc-local-generator, systemd-run-generator, systemd-system-update-generator, systemd-sysv-generator, systemd-veritysetup-generator), then cat, mkdir, ls, find and seven touch calls, with perl and getopt interleaved. Each cycle is consistent with the sample enabling one more service through systemctl (which makes systemd re-run its generators) and then backdating the files it just wrote.

Process information

Only the first ten processes are listed on this page; the processes that carry the signatures (39507 to 39509 and the find/touch children) appear only in the full report. Integrity Level is reported as UNKNOWN for every process and is omitted below.

PID 39494  dash (/usr/bin/dash)  parent: any-guest-agent  user: user  exit code: 0
  /bin/sh -c "sudo chown user /home/user/Desktop/auditlogd\.elf && chmod +x /home/user/Desktop/auditlogd\.elf && DISPLAY=:0 sudo -i /home/user/Desktop/auditlogd\.elf "

PID 39495  sudo (/usr/bin/sudo)  parent: dash  user: root  exit code: 0
  sudo chown user /home/user/Desktop/auditlogd.elf

PID 39496  chown (/usr/bin/chown)  parent: sudo  user: root  exit code: 0
  chown user /home/user/Desktop/auditlogd.elf

PID 39497  chmod (/usr/bin/chmod)  parent: dash  user: user  exit code: 0
  chmod +x /home/user/Desktop/auditlogd.elf

PID 39498  sudo (/usr/bin/sudo)  parent: dash  user: root  exit code: 0
  sudo -i /home/user/Desktop/auditlogd.elf

PID 39499  auditlogd.elf (/home/user/Desktop/auditlogd.elf)  parent: sudo  user: root  exit code: 0
  /home/user/Desktop/auditlogd.elf

PID 39500  locale-check (/usr/bin/locale-check)  parent: auditlogd.elf  user: root  exit code: 0
  /usr/bin/locale-check C.UTF-8

PID 39501  bash (/usr/bin/bash)  parent: auditlogd.elf  user: root  exit code: 0
  -bash --login -c \/home\/user\/Desktop\/auditlogd\.elf

PID 39502  dash (/usr/bin/dash)  parent: bash  user: root  exit code: 256
  sh -c "cat /usr/etc/debuginfod/*\.urls 2>/dev/null"

PID 39503  tr (/usr/bin/tr)  parent: bash  user: root  exit code: 0
  tr \n " "

Two caveats for anyone reusing this tree. First, PIDs 39494 to 39498 are the sandbox agent (any-guest-agent) preparing and launching the sample with sudo -i: the sample ran as root from the start, so nothing in this report demonstrates privilege escalation. Second, PIDs 39500 to 39503 (locale-check, the bash --login wrapper, the debuginfod URL lookup and tr) are the login-shell startup that sudo -i triggers through Ubuntu's /etc/profile.d scripts, which is also what the "Reads profile file" signature on PID 39499 reflects; they are not sample behaviour either.
Executable files: 0
Suspicious files: 4
Text files: 11
Unknown types: 0

Dropped files (MD5/SHA256 values are not shown on this page)

PID 39507  auditlogd.elf  /tmp/.v8-compile-cache-0.pid  (text)
PID 39509  auditlogd.elf  /usr/bin/auditlogd  (binary)
PID 39509  auditlogd.elf  /usr/sbin/hwstats  (binary)
PID 39509  auditlogd.elf  /usr/sbin/dmesglog  (binary)
PID 39509  auditlogd.elf  /var/lib/autoupd  (binary)
PID 39509  auditlogd.elf  /etc/init.d/auditlogd  (text)
PID 39509  auditlogd.elf  /etc/init.d/hwstats  (text)
PID 39509  auditlogd.elf  /etc/init.d/dmesglog  (text)
PID 39509  auditlogd.elf  /etc/init.d/autoupd  (text)
PID 39509  auditlogd.elf  /etc/init.d/healthmon  (text)

The pattern is four copies of the payload under system-sounding names, each paired with a SysV init script of the same name, plus a fifth init script (healthmon) with no matching binary on this page. All of the file names mimic legitimate daemons (auditd, dmesg, hardware stats, auto-update), so a check for these paths should match on the exact path rather than on the name alone.
HTTP(S) requests: 2
TCP/UDP connections: 5
DNS requests: 7
Threats: 0

HTTP requests

Both requests are GET http://connectivity-check.ubuntu.com/ to 185.125.190.48:80, answered with HTTP 204; CN unknown, reputation whitelisted, no PID or process attributed. This is the stock Ubuntu connectivity probe and not traffic from the sample.

Connections

PID 484    avahi-daemon   224.0.0.251:5353 (mDNS multicast)                                   reputation: unknown
(none)     (none)         185.125.190.48:80  connectivity-check.ubuntu.com  Canonical Group Limited, GB  reputation: whitelisted
PID 39507  auditlogd.elf  185.189.149.151:8080  Datasource AG, CH                              reputation: unknown
PID 39712  auditlogd.elf  185.189.149.151:8080  Datasource AG, CH                              reputation: unknown

The only outbound traffic attributable to the sample is to 185.189.149.151:8080, reached from two different auditlogd.elf instances (39507 and 39712), i.e. the connection is re-established by a later copy of the process. No IDS signature fired on it (Threats: 0), so the endpoint is unflagged by reputation but is the actionable network indicator from this run; the mDNS and connectivity-check entries are background noise from the guest.
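A host triage pass over the indicators listed in this report (the dropped paths, the sample's SHA256 and the 185.189.149.151:8080 endpoint), as an added example that is not ANY.RUN's code and not taken from the sample. The file records, the package-ownership allowlist and the connection-log line format ("epoch pid comm dst_ip:dst_port") are constructed for the example; on a real host the records would come from os.stat() and the allowlist from dpkg -S. The backdated-mtime rule relies on touch being able to set st_mtime but not st_ctime, which is the trace the find/touch activity flagged above leaves behind:

```python
"""Offline triage for the artifacts in the auditlogd report (added example; not
ANY.RUN's code and not code from the sample). Runs over constructed stat records
and constructed connection-log lines so it executes offline."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report.
SAMPLE_SHA256 = "b7cabb72ecd623ad33a1cddc16434804bb178fb6e9567bfc4dfb1452949a9cd3"
DROPPED_PATHS = frozenset({
    "/usr/bin/auditlogd", "/usr/sbin/hwstats", "/usr/sbin/dmesglog", "/var/lib/autoupd",
    "/etc/init.d/auditlogd", "/etc/init.d/hwstats", "/etc/init.d/dmesglog",
    "/etc/init.d/autoupd", "/etc/init.d/healthmon",
})
C2_ENDPOINTS = frozenset({("185.189.149.151", 8080)})
# 185.125.190.48:80 is Ubuntu's connectivity check and is deliberately not an indicator.


@dataclass(frozen=True)
class FileStat:
    path: str
    sha256: str
    mtime: int  # st_mtime, epoch seconds
    ctime: int  # st_ctime; touch can rewrite mtime but cannot rewrite ctime


def timestomped(st: FileStat, skew: int = 3600) -> bool:
    """True when mtime is far older than ctime, i.e. the modification time was
    backdated after the inode last changed. Package-installed files look like
    this legitimately (dpkg keeps the mtime from the .deb), so callers must
    exclude paths that `dpkg -S` attributes to a package."""
    return st.ctime - st.mtime > skew


def triage_files(stats: Iterable[FileStat],
                 package_owned: frozenset = frozenset()) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    hits: Dict[str, List[str]] = {}
    for st in stats:
        reasons = []
        if st.path in DROPPED_PATHS:
            reasons.append("path dropped by the auditlogd sample")
        if st.sha256.lower() == SAMPLE_SHA256:
            reasons.append("sha256 matches the auditlogd sample")
        if (st.path.startswith("/etc/init.d/") and st.path not in package_owned
                and timestomped(st)):
            reasons.append("init script with backdated mtime")
        if reasons:
            hits[st.path] = reasons
    return hits


def triage_connections(lines: Iterable[str]) -> List[Tuple[int, str, str, int]]:
    """Parse hypothetical 'epoch pid comm dst_ip:dst_port' lines and return
    (pid, comm, ip, port) for each connection to a C2 endpoint; malformed
    lines are skipped rather than raising."""
    matches = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, pid, comm, dst = parts
        ip, _, port = dst.rpartition(":")
        if not (pid.isdigit() and port.isdigit()):
            continue
        if (ip, int(port)) in C2_ENDPOINTS:
            matches.append((int(pid), comm, ip, int(port)))
    return matches


# Constructed host snapshot (hypothetical values, not taken from the report).
T0 = 1745895060  # roughly the analysis time, 2025-04-29
SAMPLE_STATS = [
    # init script the sample wrote and then backdated: ctime fresh, mtime old
    FileStat("/etc/init.d/auditlogd", "0" * 64, mtime=T0 - 86400 * 400, ctime=T0),
    # package-owned script with an old mtime; excluded through PACKAGE_OWNED
    FileStat("/etc/init.d/ssh", "1" * 64, mtime=T0 - 86400 * 500, ctime=T0 - 86400 * 30),
    # unowned script whose timestamps agree: not flagged
    FileStat("/etc/init.d/local-backup", "2" * 64, mtime=T0 - 60, ctime=T0 - 60),
    # the original dropper, matched by hash rather than by path
    FileStat("/home/user/Desktop/auditlogd.elf", SAMPLE_SHA256.upper(),
             mtime=T0 - 120, ctime=T0 - 120),
    FileStat("/usr/bin/ls", "3" * 64, mtime=T0 - 86400 * 600, ctime=T0 - 86400 * 30),
]
PACKAGE_OWNED = frozenset({"/etc/init.d/ssh"})

SAMPLE_CONN_LOG = [  # constructed lines in the hypothetical format above
    "1745895061 39507 auditlogd.elf 185.189.149.151:8080",
    "1745895062 812 NetworkManager 185.125.190.48:80",
    "1745895070 39712 auditlogd.elf 185.189.149.151:8080",
    "garbage line",
]


def run_triage() -> Tuple[Dict[str, List[str]], List[Tuple[int, str, str, int]]]:
    return triage_files(SAMPLE_STATS, PACKAGE_OWNED), triage_connections(SAMPLE_CONN_LOG)


if __name__ == "__main__":
    files, conns = run_triage()
    for path, reasons in files.items():
        print(path, "->", "; ".join(reasons))
    for pid, comm, ip, port in conns:
        print(f"pid {pid} ({comm}) -> {ip}:{port}")
```

Run as a script it prints the flagged paths and the two C2 connections. The ctime/mtime rule is only meaningful for files no package owns, since dpkg preserves archive mtimes; for a wider sweep, feed it every file under /etc/init.d, /usr/bin, /usr/sbin and /var/lib whose ctime is later than the suspected infection time, and pair any path hit with a hash of the file so the copy can be compared against the sample.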

DNS requests

connectivity-check.ubuntu.com (reputation: whitelisted), resolved to:
  • 185.125.190.48
  • 91.189.91.98
  • 185.125.190.96
  • 91.189.91.96
  • 185.125.190.97
  • 185.125.190.49
  • 91.189.91.48
  • 185.125.190.18
  • 185.125.190.98
  • 91.189.91.49
  • 91.189.91.97
  • 185.125.190.17
  • 2620:2d:4000:1::2b
  • 2620:2d:4002:1::197
  • 2620:2d:4002:1::196
  • 2620:2d:4002:1::198
  • 2620:2d:4000:1::22
  • 2001:67c:1562::24
  • 2620:2d:4000:1::98
  • 2620:2d:4000:1::96
  • 2001:67c:1562::23
  • 2620:2d:4000:1::97
  • 2620:2d:4000:1::2a
  • 2620:2d:4000:1::23

google.com (reputation: whitelisted): 216.58.206.46, 2a00:1450:4001:803::200e

5.100.168.192.in-addr.arpa (reputation: unknown): a reverse (PTR) lookup for 192.168.100.5, a private RFC 1918 address, presumably on the sandbox network.

No DNS lookup for 185.189.149.151 appears, so the sample reaches its endpoint by hard-coded IP rather than by domain name.

Threats: no threats detected

No debug info