URL: https://es.wikihow.com/enviar-un-email-con-Telnet

Full analysis: https://app.any.run/tasks/7d382c4d-94ec-4259-8b69-35f890aee234
Verdict: Malicious activity
Analysis date: June 10, 2024, 14:26:04
OS: Ubuntu 22.04.2
Indicators:
MD5:

FDA2668DADD4ACD80E5B927AEA20EECD

SHA1:

0E5CC5DF89A95861A209F802BE00F1DFBFF56E29

SHA256:

C769C3527CB44C72421340ED97F336F5AB8EBFBD9B406B736907CA1B53DE0530

SSDEEP:

3:N81/jYSLGT4gL967QcR:2uLT4gR6kcR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executes commands using command-line interpreter

      • gnome-terminal-server (PID: 12809)
    • Connects to SMTP port

      • telnet (PID: 12844)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 308
Monitored processes: 92
Malicious processes: 0
Suspicious processes: 0

Behavior graph

systemctl no specs systemctl no specs sh no specs sudo no specs firefox locale-check no specs snap-seccomp no specs snap-confine no specs dumpe2fs no specs 5 no specs systemctl no specs mkdir no specs realpath no specs realpath no specs xdg-user-dirs-update no specs bash no specs realpath no specs bash no specs realpath no specs bash no specs realpath no specs bash no specs realpath no specs bash no specs bash no specs realpath no specs realpath no specs bash no specs realpath no specs bash no specs ln no specs realpath no specs mkdir no specs ln no specs rm no specs firefox no specs snapctl no specs snapctl no specs glxtest no specs snap no specs firefox no specs firefox no specs systemd-timedated no specs firefox no specs firefox no specs xdg-settings no specs dbus-send no specs cut no specs dbus-daemon no specs snap no specs xdg-settings no specs which no specs dash no specs basename no specs dash no specs grep no specs cut no specs dash no specs which no specs readlink no specs dash no specs xdg-mime no specs which no specs dash no specs dash no specs dash no specs tr no specs dash no specs tr no specs dash no specs awk no specs cut no specs dash no specs basename no specs dash no specs which no specs readlink no specs grep no specs cut no specs dash no specs firefox no specs firefox no specs gnome-terminal no specs gnome-terminal.real no specs gnome-terminal-server no specs bash no specs lesspipe no specs basename no specs dash no specs dircolors no specs dirname no specs telnet

Process information

PID | CMD | Path | Parent process | User | Integrity Level | Exit code
12446 | systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service | /usr/bin/systemctl | snapd | root | UNKNOWN | 0
12447 | systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service | /usr/bin/systemctl | snapd | root | UNKNOWN | 0
12448 | /bin/sh -c "DISPLAY=:0 sudo -iu user firefox https://es\.wikihow\.com/enviar-un-email-con-Telnet " | /bin/sh | any-guest-agent | root | UNKNOWN | 12788
12449 | sudo -iu user firefox https://es.wikihow.com/enviar-un-email-con-Telnet | /usr/bin/sudo | sh | root | UNKNOWN | 12642
12450 | /snap/firefox/3358/usr/lib/firefox/firefox https://es.wikihow.com/enviar-un-email-con-Telnet | /snap/firefox/3358/usr/lib/firefox/firefox | sudo | user | UNKNOWN | 12450
12451 | /usr/bin/locale-check C.UTF-8 | /usr/bin/locale-check | firefox | user | UNKNOWN | 0
12465 | /snap/snapd/20290/usr/lib/snapd/snap-seccomp version-info | /snap/snapd/20290/usr/lib/snapd/snap-seccomp | firefox | user | UNKNOWN | 0
12473 | /snap/snapd/20290/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox https://es.wikihow.com/enviar-un-email-con-Telnet | /snap/snapd/20290/usr/lib/snapd/snap-confine | firefox | user | UNKNOWN | (not recorded)
12474 | dumpe2fs -h /dev/sda3 | /usr/sbin/dumpe2fs | udisksd | root | UNKNOWN | (not recorded)
12475 | snap-update-ns --from-snap-confine firefox | /dev/fd/5 | firefox | user | UNKNOWN | 637

No indicators are listed for the processes in this table.
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 33
DNS requests: 47
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
12450 | firefox | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | unknown
12450 | firefox | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | unknown
12450 | firefox | POST | 200 | 23.216.154.162:80 | http://r3.o.lencr.org/ | unknown | unknown
12450 | firefox | POST | 200 | 23.216.154.162:80 | http://r3.o.lencr.org/ | unknown | unknown
12450 | firefox | POST | 200 | 23.216.154.162:80 | http://r3.o.lencr.org/ | unknown | unknown
12450 | firefox | POST | 200 | 142.250.184.227:80 | http://o.pki.goog/wr2 | unknown | unknown
12450 | firefox | POST | 200 | 142.250.184.227:80 | http://o.pki.goog/wr2 | unknown | unknown
12450 | firefox | POST | 200 | 142.250.184.227:80 | http://o.pki.goog/wr2 | unknown | unknown

Only two of the CN/Type/Size/Reputation fields are present in each extracted row; both read "unknown".

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
470 | avahi-daemon | 224.0.0.251:5353 | - | - | - | unknown
- | - | 185.125.188.55:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown
- | - | 185.125.188.58:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown
- | - | 185.125.188.59:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown
- | - | 185.125.188.54:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown
12450 | firefox | 151.101.65.91:443 | es.wikihow.com | FASTLY | US | unknown
12450 | firefox | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted
12450 | firefox | 34.117.188.166:443 | contile.services.mozilla.com | GOOGLE-CLOUD-PLATFORM | US | unknown
12450 | firefox | 23.216.154.162:80 | r3.o.lencr.org | Akamai International B.V. | IE | unknown
12450 | firefox | 18.66.147.85:443 | dn0qt3r0xannq.cloudfront.net | AMAZON-02 | US | unknown

DNS requests

Domain | IP | Reputation
api.snapcraft.io | 185.125.188.55, 185.125.188.59, 185.125.188.54, 185.125.188.58 | unknown
9.100.168.192.in-addr.arpa | - | unknown
es.wikihow.com | 151.101.65.91, 151.101.193.91, 151.101.1.91, 151.101.129.91 | unknown
detectportal.firefox.com | 34.107.221.82, 2600:1901:0:38d7:: | whitelisted
n.sni.global.fastly.net | - | unknown
example.org | 93.184.215.14, 2606:2800:21f:cb07:6820:80da:af6b:8b2c | whitelisted
ipv4only.arpa | 192.0.0.170, 192.0.0.171 | whitelisted
contile.services.mozilla.com | 34.117.188.166 | whitelisted
spocs.getpocket.com | 34.117.188.166 | shared
prod.ads.prod.webservices.mozgcp.net | - | unknown

Threats

No threats detected
No debug info