| File name: | x86_64 |
| Full analysis: | https://app.any.run/tasks/79734ff6-e5df-454c-94e1-803617290754 |
| Verdict: | Malicious activity |
| Analysis date: | April 29, 2025, 00:58:49 |
| OS: | Ubuntu 22.04.2 |
| MIME: | application/x-executable |
| File info: | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped |
| MD5: | C4BFBE7E3532AB2919B1A1830A5C4FF8 |
| SHA1: | 3F1A63FAF8EFBC38DDCCBF0A7F21A791689D6558 |
| SHA256: | DB4BF970A827C22DC5CFF87FF8662BE1F7D71711E91131329E46089C31D80099 |
| SSDEEP: | 1536:fbfrovIWdzk0VqgMM9Sc+wOFFd4xjbIDVQAoM5Ov:fbfrovIWhYEoc+wOTd4xjbIqAoEOv |
MALICIOUS
No malicious indicators.SUSPICIOUS
Modifies file or directory owner
- sudo (PID: 40654)
Executes commands using command-line interpreter
- sudo (PID: 40657)
Reads profile file
- x86_64.elf (PID: 40658)
Connects to unusual port
- x86_64.elf (PID: 40662)
Reads passwd file
- x86_64.elf (PID: 40658)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .o | | | ELF Executable and Linkable format (generic) (100) |
|---|
EXIF
EXE
| CPUArchitecture: | 64 bit |
|---|---|
| CPUByteOrder: | Little endian |
| ObjectFileType: | Executable file |
| CPUType: | AMD x86-64 |
Total processes
232
Monitored processes
12
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 40653 | /bin/sh -c "sudo chown user /tmp/x86_64\.elf && chmod +x /tmp/x86_64\.elf && DISPLAY=:0 sudo -iu user /tmp/x86_64\.elf " | /usr/bin/dash | — | any-guest-agent |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40654 | sudo chown user /tmp/x86_64.elf | /usr/bin/sudo | — | dash |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40655 | chown user /tmp/x86_64.elf | /usr/bin/chown | — | sudo |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40656 | chmod +x /tmp/x86_64.elf | /usr/bin/chmod | — | dash |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40657 | sudo -iu user /tmp/x86_64.elf | /usr/bin/sudo | — | dash |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40658 | /tmp/x86_64.elf | /tmp/x86_64.elf | — | sudo |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40659 | /usr/bin/locale-check C.UTF-8 | /usr/bin/locale-check | — | x86_64.elf |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40660 | /tmp/x86_64.elf | /tmp/x86_64.elf | — | x86_64.elf |
User: user Integrity Level: UNKNOWN Exit code: 9 | ||||
| 40661 | /tmp/x86_64.elf | /tmp/x86_64.elf | — | x86_64.elf |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40662 | /tmp/x86_64.elf | /tmp/x86_64.elf | x86_64.elf | |
User: user Integrity Level: UNKNOWN | ||||
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
5
DNS requests
6
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 204 | 185.125.190.49:80 | http://connectivity-check.ubuntu.com/ | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
484 | avahi-daemon | 224.0.0.251:5353 | — | — | — | unknown |
— | — | 91.189.91.98:80 | — | Canonical Group Limited | US | unknown |
— | — | 185.125.190.49:80 | — | Canonical Group Limited | GB | unknown |
40662 | x86_64.elf | 84.200.154.119:4568 | — | diva-e Datacenters GmbH | DE | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
10.100.168.192.in-addr.arpa |
| unknown |
connectivity-check.ubuntu.com |
| whitelisted |