URL:

https://dclouddwnldfrz.xyz/?code=cQle2GxTRdCsj&uid=281&sid=280

Full analysis: https://app.any.run/tasks/8a33c30f-1d55-4c70-9002-a67ebb13285c
Verdict: Malicious activity
Threats:

Lumma is an information stealer, developed using the C programming language. It is offered for sale as a malware-as-a-service, with several plans available. It usually targets cryptocurrency wallets, login credentials, and other sensitive information on a compromised system. The malicious software regularly gets updates that improve and expand its functionality, making it a serious stealer threat.

Malware Trends Tracker     >>>
Analysis date: July 05, 2025, 21:23:03
OS: Ubuntu 22.04.2
Tags:
lumma
stealer
Indicators:
MD5:

154CCB343DF4EA343BABF369E50C5A69

SHA1:

64166D30FE90A9B466356B5A43EF0855BFB41C6C

SHA256:

BEBCFDDFC713237B3247F8F31D9C8062BDAB8FD4B30828EF80A00D89487C5C57

SSDEEP:

3:N8e5BK1XhFNs1d2UAVn:2efKdjTUAV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • LUMMA has been detected (SURICATA)

      • systemd-resolved (PID: 445)

  • SUSPICIOUS

    • Executes commands using command-line interpreter

      • sudo (PID: 41394)
      • chrome (PID: 41396)

    • Contacting a server suspected of hosting an CnC

      • systemd-resolved (PID: 445)

  • INFO

    • Checks timezone

      • chrome (PID: 41396)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
217
Monitored processes
83
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
dash no specs sudo no specs dash no specs chrome no specs locale-check no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs chrome no specs chrome_crashpad_handler no specs chrome_crashpad_handler no specs chrome_crashpad_handler no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome chrome no specs chrome no specs chrome no specs dash no specs dbus-send no specs dash no specs dash no specs basename no specs dash no specs dash no specs readlink no specs dash no specs grep no specs cut no specs dash no specs dash no specs dbus-send no specs dash no specs dash no specs dash no specs mawk no specs cut no specs basename no specs dash no specs dash no specs readlink no specs grep no specs cut no specs dash no specs dash no specs dash no specs dbus-send no specs dash no specs dash no specs dash no specs mawk no specs cut no specs basename no specs dash no specs dash no specs readlink no specs chrome no specs grep no specs cut no specs dash no specs chrome no specs chrome no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs #LUMMA systemd-resolved chrome no specs chrome no specs

Process information

PID
CMD
Path
Indicators
Parent process
445/lib/systemd/systemd-resolved/usr/lib/systemd/systemd-resolved
systemd
User:
systemd-resolve
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/systemd/systemd-resolved
/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.4
/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
/usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
/usr/lib/x86_64-linux-gnu/libhogweed.so.6.4
/usr/lib/x86_64-linux-gnu/libnettle.so.8.4
/usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2
/usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0
/usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7
41393/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome https://dclouddwnldfrz\.xyz/?code=cQle2GxTRdCsj&uid=281&sid=280 "/usr/bin/dashUbvyYXL4x2mYa65Q
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
41394sudo -iu user google-chrome https://dclouddwnldfrz.xyz/?code=cQle2GxTRdCsj/usr/bin/sudodash
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
/usr/lib/x86_64-linux-gnu/libselinux.so.1
/usr/libexec/sudo/libsudo_util.so.0.0.0
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.4
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
/usr/libexec/sudo/sudoers.so
/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
/usr/lib/x86_64-linux-gnu/libz.so.1.2.11
41395/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome https://dclouddwnldfrz\.xyz/?code=cQle2GxTRdCsj&uid=281&sid=280 "/usr/bin/dashdash
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
41396/usr/bin/google-chrome https://dclouddwnldfrz.xyz/?code=cQle2GxTRdCsj/opt/google/chrome/chromesudo
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.3
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libdl.so.2
/usr/lib/x86_64-linux-gnu/libpthread.so.0
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.4
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
/usr/lib/x86_64-linux-gnu/libnss3.so
/usr/lib/x86_64-linux-gnu/libnssutil3.so
/usr/lib/x86_64-linux-gnu/libsmime3.so
/usr/lib/x86_64-linux-gnu/libnspr4.so
41397/usr/bin/locale-check C.UTF-8/usr/bin/locale-checkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
41398readlink -f /usr/bin/google-chrome/usr/bin/readlinkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
41399dirname /opt/google/chrome/google-chrome/usr/bin/dirnamechrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
41400mkdir -p /home/user/.local/share/applications/usr/bin/mkdirchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libselinux.so.1
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.4
41401cat/usr/bin/catchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
Executable files
0
Suspicious files
83
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
41396chrome/home/user/.config/google-chrome/ShaderCache/data_0binary
MD5:
SHA256:
41396chrome/home/user/.config/google-chrome/ShaderCache/data_3binary
MD5:
SHA256:
41396chrome/home/user/.config/google-chrome/ShaderCache/data_2binary
MD5:
SHA256:
41396chrome/home/user/.config/google-chrome/Default/GPUCache/data_3binary
MD5:
SHA256:
41396chrome/home/user/.config/google-chrome/Default/GPUCache/data_2binary
MD5:
SHA256:
41396chrome/home/user/.config/google-chrome/Default/GPUCache/data_0binary
MD5:
SHA256:
41441chrome/home/user/.cache/mesa_shader_cache/indexbinary
MD5:
SHA256:
41538chrome/home/user/.cache/mesa_shader_cache/indexbinary
MD5:
SHA256:
41396chrome/home/user/.config/google-chrome/Default/Historysqlite
MD5:
SHA256:
41396chrome/home/user/.config/google-chrome/Default/DawnGraphiteCache/data_3binary
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
36
DNS requests
39
Threats
42

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
185.125.190.96:80
http://connectivity-check.ubuntu.com/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
185.125.190.96:80
connectivity-check.ubuntu.com
Canonical Group Limited
GB
whitelisted
91.189.91.48:80
connectivity-check.ubuntu.com
Canonical Group Limited
US
whitelisted
484
avahi-daemon
224.0.0.251:5353
unknown
1178
snap-store
37.19.194.81:443
odrs.gnome.org
Datacamp Limited
DE
whitelisted
512
snapd
185.125.188.59:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
512
snapd
185.125.188.54:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
512
snapd
185.125.188.58:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
512
snapd
185.125.188.57:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
41443
chrome
188.114.96.3:443
dclouddwnldfrz.xyz
unknown
41443
chrome
142.250.184.227:443
clientservices.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
connectivity-check.ubuntu.com
  • 2620:2d:4000:1::97
  • 2620:2d:4000:1::22
  • 2001:67c:1562::23
  • 2620:2d:4002:1::197
  • 2620:2d:4000:1::96
  • 2620:2d:4000:1::23
  • 2001:67c:1562::24
  • 2620:2d:4000:1::2a
  • 2620:2d:4002:1::198
  • 2620:2d:4002:1::196
  • 2620:2d:4000:1::2b
  • 2620:2d:4000:1::98
  • 185.125.190.96
  • 185.125.190.49
  • 185.125.190.98
  • 185.125.190.18
  • 91.189.91.98
  • 91.189.91.96
  • 91.189.91.97
  • 91.189.91.48
  • 185.125.190.97
  • 91.189.91.49
  • 185.125.190.48
  • 185.125.190.17
whitelisted
google.com
  • 142.250.181.238
  • 2a00:1450:4001:82f::200e
whitelisted
odrs.gnome.org
  • 37.19.194.81
  • 212.102.56.179
  • 169.150.255.181
  • 195.181.175.41
  • 195.181.170.19
  • 169.150.255.184
  • 207.211.211.27
  • 2a02:6ea0:c700::112
  • 2a02:6ea0:c700::18
  • 2a02:6ea0:c700::19
  • 2a02:6ea0:c700::101
  • 2a02:6ea0:c700::21
  • 2a02:6ea0:c700::11
  • 2a02:6ea0:c700::107
whitelisted
api.snapcraft.io
  • 185.125.188.59
  • 185.125.188.58
  • 185.125.188.57
  • 185.125.188.54
  • 2620:2d:4000:1010::42
  • 2620:2d:4000:1010::117
  • 2620:2d:4000:1010::344
  • 2620:2d:4000:1010::2e6
whitelisted
clientservices.googleapis.com
  • 142.250.184.227
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.250.186.42
  • 142.250.186.74
  • 142.250.186.138
  • 142.250.186.170
  • 142.250.184.202
  • 216.58.212.138
  • 142.250.185.74
  • 142.250.185.106
  • 142.250.185.138
  • 142.250.185.170
  • 142.250.185.202
  • 142.250.185.234
  • 142.250.181.234
  • 172.217.16.202
  • 142.250.74.202
  • 216.58.206.42
whitelisted
dclouddwnldfrz.xyz
  • 188.114.96.3
  • 188.114.97.3
unknown
accounts.google.com
  • 142.250.102.84
whitelisted
8.100.168.192.in-addr.arpa
unknown
update.googleapis.com
  • 142.250.181.227
whitelisted

Threats

PID
Process
Class
Message
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://dclouddwnldfrz.xyz/?code=cQle2GxTRdCsj&uid=281&sid=280