Field | Value
---|---
URL | http://71.19.146.161/?fbclid=IwZXh0bgNhZW0CMTEAAR2mwW9dT66t6VBaZ_9Nwq7MoWlRDh5_KRw0cjK-Fh5CEVXQ-pC0RXvmPeA_aem_Ab1a9u9shwHmfKkbjpDY4QY1Fy1kFaJbnOQD0yZVagE-NB2Ql_89hQMs75Q6OP1fHmutmUjwZfx-vVman1iEPurz
Full analysis | https://app.any.run/tasks/e1083580-547b-48dc-a61b-a717684f67dc
Verdict | Malicious activity
Analysis date | May 02, 2024, 15:20:16
OS | Ubuntu 22.04.2
Tags | —
Indicators | —
MD5 | 2C60BD9C8E2659DB1F4114B174B47E8A
SHA1 | 424CC6A74F9BDA73FE9A7F4AF712ACB8644CA61F
SHA256 | CDF98A80CDDEE8AA9DF3A38DE94BA56FBB6E87F43A28CBD04A9054EF9C4A47EC
SSDEEP | 6:CagKImn9nqxYBiqrhDeQxuaAdu3aKliqqAq6fn:lft9CYIq9DeQ4LeBgqqKn
PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Exit code
---|---|---|---|---|---|---|---
9258 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://71.19.146.161/?fbclid=IwZXh0bgNhZW0CMTEAAR2mwW9dT66t6VBaZ_9Nwq7MoWlRDh5_KRw0cjK-Fh5CEVXQ-pC0RXvmPeA_aem_Ab1a9u9shwHmfKkbjpDY4QY1Fy1kFaJbnOQD0yZVagE-NB2Ql_89hQMs75Q6OP1fHmutmUjwZfx-vVman1iEPurz " | /bin/sh | — | any-guest-agent | user | UNKNOWN | 209
9259 | sudo -iu user google-chrome http://71.19.146.161/?fbclid=IwZXh0bgNhZW0CMTEAAR2mwW9dT66t6VBaZ_9Nwq7MoWlRDh5_KRw0cjK-Fh5CEVXQ-pC0RXvmPeA_aem_Ab1a9u9shwHmfKkbjpDY4QY1Fy1kFaJbnOQD0yZVagE-NB2Ql_89hQMs75Q6OP1fHmutmUjwZfx-vVman1iEPurz | /usr/bin/sudo | — | sh | user | UNKNOWN | 9260
9260 | /usr/bin/google-chrome http://71.19.146.161/?fbclid=IwZXh0bgNhZW0CMTEAAR2mwW9dT66t6VBaZ_9Nwq7MoWlRDh5_KRw0cjK-Fh5CEVXQ-pC0RXvmPeA_aem_Ab1a9u9shwHmfKkbjpDY4QY1Fy1kFaJbnOQD0yZVagE-NB2Ql_89hQMs75Q6OP1fHmutmUjwZfx-vVman1iEPurz | /opt/google/chrome/chrome | — | sudo | user | UNKNOWN | 496
9261 | /usr/bin/locale-check C.UTF-8 | /usr/bin/locale-check | — | chrome | user | UNKNOWN | 0
9262 | readlink -f /usr/bin/google-chrome | /usr/bin/readlink | — | chrome | user | UNKNOWN | 0
9263 | dirname /opt/google/chrome/google-chrome | /usr/bin/dirname | — | chrome | user | UNKNOWN | 0
9264 | mkdir -p /home/user/.local/share/applications | /usr/bin/mkdir | — | chrome | user | UNKNOWN | 0
9265 | cat | /usr/bin/cat | — | chrome | user | UNKNOWN | 9484
9266 | cat | /usr/bin/cat | — | chrome | user | UNKNOWN | 9260
9267 | /opt/google/chrome/chrome | | — | chrome | user | UNKNOWN | 0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
9260 | chrome | /9260/fd/63 | — | — | —
9260 | chrome | /home/user/.config/google-chrome/BrowserMetrics/BrowserMetrics-6633AF36-242C.pma | — | — | —
9260 | chrome | /.com.google.Chrome.FDsufW | — | — | —
9260 | chrome | /.com.google.Chrome.Un1N2w | — | — | —
9260 | chrome | /home/user/.config/google-chrome/Default/Sync Data/LevelDB/LOG | — | — | —
9260 | chrome | /.com.google.Chrome.wDbbru | — | — | —
9260 | chrome | /.com.google.Chrome.LQip1i | — | — | —
9260 | chrome | /home/user/.config/google-chrome/Default/Local Storage/leveldb/LOG | — | — | —
9260 | chrome | /home/user/.config/google-chrome/Default/Site Characteristics Database/LOG | — | — | —
9260 | chrome | /home/user/.config/google-chrome/Default/discounts_db/LOG | — | — | —
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 204 | 185.125.190.98:80 | http://connectivity-check.ubuntu.com/ | unknown | — | — | unknown |
— | — | GET | 200 | 71.19.146.161:80 | http://71.19.146.161/?fbclid=IwZXh0bgNhZW0CMTEAAR2mwW9dT66t6VBaZ_9Nwq7MoWlRDh5_KRw0cjK-Fh5CEVXQ-pC0RXvmPeA_aem_Ab1a9u9shwHmfKkbjpDY4QY1Fy1kFaJbnOQD0yZVagE-NB2Ql_89hQMs75Q6OP1fHmutmUjwZfx-vVman1iEPurz | unknown | — | — | unknown |
— | — | GET | 200 | 71.19.146.161:80 | http://71.19.146.161/js/jquery.transit.min.js | unknown | — | — | unknown |
— | — | GET | 200 | 71.19.146.161:80 | http://71.19.146.161/assets/land.png | unknown | — | — | unknown |
— | — | GET | 200 | 71.19.146.161:80 | http://71.19.146.161/css/reset.css | unknown | — | — | unknown |
— | — | GET | 200 | 71.19.146.161:80 | http://71.19.146.161/css/main.css | unknown | — | — | unknown |
— | — | GET | 200 | 71.19.146.161:80 | http://71.19.146.161/js/buzz.min.js | unknown | — | — | unknown |
— | — | GET | 200 | 71.19.146.161:80 | http://71.19.146.161/assets/replay.png | unknown | — | — | unknown |
— | — | GET | 200 | 71.19.146.161:80 | http://71.19.146.161/assets/splash.png | unknown | — | — | unknown |
— | — | GET | 200 | 71.19.146.161:80 | http://71.19.146.161/assets/plane.png | unknown | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 185.125.190.98:80 | — | Canonical Group Limited | GB | unknown |
— | — | 224.0.0.251:5353 | — | — | — | unknown |
— | — | 185.125.188.58:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |
— | — | 185.125.188.55:443 | api.snapcraft.io | Canonical Group Limited | GB | unknown |
— | — | 142.250.185.195:443 | clientservices.googleapis.com | GOOGLE | US | unknown |
— | — | 239.255.255.250:1900 | — | — | — | unknown |
— | — | 64.233.166.84:443 | accounts.google.com | GOOGLE | US | unknown |
— | — | 71.19.146.161:80 | — | PRGMR | US | unknown |
— | — | 71.19.146.161:443 | — | PRGMR | US | unknown |
— | — | 142.250.186.106:443 | ajax.googleapis.com | GOOGLE | US | unknown |
Domain | IP | Reputation
---|---|---
api.snapcraft.io | — | unknown
clientservices.googleapis.com | — | whitelisted
accounts.google.com | — | shared
ajax.googleapis.com | — | whitelisted
76.100.168.192.in-addr.arpa | — | unknown
www.google.com | — | whitelisted
update.googleapis.com | — | unknown
optimizationguide-pa.googleapis.com | — | whitelisted
connectivity-check.ubuntu.com | — | unknown