URL:

https://lc2.shengage03.com/mb/zBoDGZXQvzUHv1OlH1UQew~~.ekjLwYS-bPgrpK7_1y951PFa.YODSDkqysDHlObNH03WshQ~~?q=https%3A%2F%2Fcheckpoint-security.b-cdn.net

Full analysis: https://app.any.run/tasks/66e547dd-9a95-4804-8183-c274f470185e
Verdict: Malicious activity
Analysis date: September 03, 2024, 01:05:31
OS: Ubuntu 22.04.2
Tags:
phishing
MD5:

4310B04567C1F936E64E136054FE3F64

SHA1:

91D8B42FE08060FC2223AA8F26EC43FD4B8127EE

SHA256:

D9D97769F27D2218E9EF910221F9FB8AFCF4F8EE8E5E535E90A7E1B168847C34

SSDEEP:

3:N8GXi4CECjLRmT+oweAOFdUVuJF2ji8qHUcWN8wN4fgBWCXjy6KKUHXMRJn:2GyPXLYTImFG4F2+VCzy6qHXMRJn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • systemd-resolved (PID: 425)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
298
Monitored processes
85
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start sh no specs sudo no specs chrome locale-check no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs chrome no specs chrome_crashpad_handler no specs chrome_crashpad_handler no specs chrome no specs chrome_crashpad_handler no specs chrome no specs chrome no specs nacl_helper no specs nacl_helper no specs chrome no specs chrome no specs chrome no specs chrome no specs xdg-settings no specs dbus-send no specs which no specs dash no specs basename no specs dash no specs grep no specs cut no specs dash no specs which no specs readlink no specs dash no specs xdg-mime no specs dbus-send no specs which no specs dash no specs awk no specs cut no specs dash no specs basename no specs dash no specs grep no specs cut no specs dash no specs which no specs readlink no specs dash no specs xdg-mime no specs dbus-send no specs chrome no specs which no specs dash no specs awk no specs cut no specs dash no specs basename no specs dash no specs grep no specs cut no specs dash no specs which no specs readlink no specs chrome no specs chrome no specs chrome no specs chrome no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs #PHISHING systemd-resolved

Process information

PID
CMD
Path
Indicators
Parent process
425/lib/systemd/systemd-resolved/usr/lib/systemd/systemd-resolved
systemd
User:
systemd-resolve
Integrity Level:
UNKNOWN
13406/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome https://lc2\.shengage03\.com/mb/zBoDGZXQvzUHv1OlH1UQew~~\.ekjLwYS-bPgrpK7_1y951PFa\.YODSDkqysDHlObNH03WshQ~~?q=https%3A%2F%2Fcheckpoint-security\.b-cdn\.net "/bin/shany-guest-agent
User:
root
Integrity Level:
UNKNOWN
13407sudo -iu user google-chrome https://lc2.shengage03.com/mb/zBoDGZXQvzUHv1OlH1UQew~~.ekjLwYS-bPgrpK7_1y951PFa.YODSDkqysDHlObNH03WshQ~~?q=https%3A%2F%2Fcheckpoint-security.b-cdn.net/usr/bin/sudosh
User:
root
Integrity Level:
UNKNOWN
13408/usr/bin/google-chrome https://lc2.shengage03.com/mb/zBoDGZXQvzUHv1OlH1UQew~~.ekjLwYS-bPgrpK7_1y951PFa.YODSDkqysDHlObNH03WshQ~~?q=https%3A%2F%2Fcheckpoint-security.b-cdn.net/opt/google/chrome/chrome
sudo
User:
user
Integrity Level:
UNKNOWN
13409/usr/bin/locale-check C.UTF-8/usr/bin/locale-checkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
13410readlink -f /usr/bin/google-chrome/usr/bin/readlinkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
13411dirname /opt/google/chrome/google-chrome/usr/bin/dirnamechrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
13412mkdir -p /home/user/.local/share/applications/usr/bin/mkdirchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
13413cat/usr/bin/catchrome
User:
user
Integrity Level:
UNKNOWN
13414cat/usr/bin/catchrome
User:
user
Integrity Level:
UNKNOWN
Executable files
0
Suspicious files
54
Text files
4
Unknown types
0

Dropped files

PID
Process
Filename
Type
13408chrome/home/user/.config/google-chrome/ShaderCache/data_3binary
MD5:
SHA256:
13408chrome/home/user/.config/google-chrome/ShaderCache/data_2binary
MD5:
SHA256:
13408chrome/home/user/.config/google-chrome/ShaderCache/data_0binary
MD5:
SHA256:
13408chrome/home/user/.config/google-chrome/Default/GPUCache/data_3vxd
MD5:
SHA256:
13408chrome/home/user/.config/google-chrome/Default/GPUCache/data_2vxd
MD5:
SHA256:
13408chrome/home/user/.config/google-chrome/Default/GPUCache/data_0vxd
MD5:
SHA256:
13408chrome/home/user/.config/google-chrome/Default/DawnCache/data_3vxd
MD5:
SHA256:
13408chrome/home/user/.config/google-chrome/Default/DawnCache/data_2vxd
MD5:
SHA256:
13408chrome/home/user/.config/google-chrome/Default/DawnCache/data_0vxd
MD5:
SHA256:
13408chrome/home/user/.config/google-chrome/Default/Historybinary
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
54
DNS requests
93
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
185.125.190.98:80
http://connectivity-check.ubuntu.com/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
91.189.91.98:80
connectivity-check.ubuntu.com
Canonical Group Limited
US
whitelisted
470
avahi-daemon
224.0.0.251:5353
unknown
91.189.91.49:80
connectivity-check.ubuntu.com
Canonical Group Limited
US
whitelisted
185.125.190.98:80
connectivity-check.ubuntu.com
Canonical Group Limited
GB
whitelisted
13408
chrome
239.255.255.250:1900
whitelisted
142.250.184.195:443
clientservices.googleapis.com
GOOGLE
US
whitelisted
151.101.193.91:443
google-ohttp-relay-safebrowsing.fastly-edge.com
unknown
173.194.76.84:443
accounts.google.com
GOOGLE
US
whitelisted
142.250.74.202:443
safebrowsingohttpgateway.googleapis.com
GOOGLE
US
whitelisted
52.24.15.33:443
lc2.shengage03.com
AMAZON-02
US
unknown

DNS requests

Domain
IP
Reputation
connectivity-check.ubuntu.com
  • 91.189.91.98
  • 185.125.190.48
  • 185.125.190.97
  • 91.189.91.49
  • 185.125.190.49
  • 185.125.190.18
  • 91.189.91.97
  • 91.189.91.96
  • 185.125.190.98
  • 185.125.190.96
  • 91.189.91.48
  • 185.125.190.17
  • 2620:2d:4000:1::97
  • 2620:2d:4000:1::98
  • 2620:2d:4000:1::2a
  • 2620:2d:4000:1::22
  • 2001:67c:1562::23
  • 2620:2d:4000:1::96
  • 2620:2d:4000:1::2b
  • 2620:2d:4002:1::196
  • 2001:67c:1562::24
  • 2620:2d:4002:1::197
  • 2620:2d:4000:1::23
  • 2620:2d:4002:1::198
whitelisted
google.com
  • 142.250.184.238
  • 2a00:1450:4001:831::200e
whitelisted
clientservices.googleapis.com
  • 142.250.184.195
whitelisted
accounts.google.com
  • 173.194.76.84
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.250.74.202
  • 216.58.206.42
  • 142.250.186.42
  • 142.250.186.74
  • 142.250.185.74
  • 172.217.18.10
  • 172.217.23.106
  • 216.58.212.170
  • 142.250.185.234
  • 172.217.16.138
  • 142.250.186.138
  • 142.250.181.234
  • 172.217.18.106
  • 172.217.16.202
  • 216.58.206.74
  • 142.250.184.202
whitelisted
lc2.shengage03.com
  • 52.24.15.33
  • 44.241.158.33
  • 44.226.229.246
  • 34.214.149.2
unknown
leo-email-tracker.saleshandy.com
whitelisted
google-ohttp-relay-safebrowsing.fastly-edge.com
  • 151.101.193.91
  • 151.101.129.91
  • 151.101.65.91
  • 151.101.1.91
unknown
checkpoint-security.b-cdn.net
  • 169.150.247.39
whitelisted
0d814rf7.zone.investir-sur-mesure.fr
  • 52.205.53.110
  • 34.233.69.206
unknown

Threats

PID
Process
Class
Message
425
systemd-resolved
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
425
systemd-resolved
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
425
systemd-resolved
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain was identified as Phishing (.dultzman .ru)
425
systemd-resolved
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain was identified as Phishing (.dultzman .ru)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://lc2.shengage03.com/mb/zBoDGZXQvzUHv1OlH1UQew~~.ekjLwYS-bPgrpK7_1y951PFa.YODSDkqysDHlObNH03WshQ~~?q=https%3A%2F%2Fcheckpoint-security.b-cdn.net