File name: bitelchus-bitelchus--2024---BluRay-1080p_30_1029.torrent

Full analysis: https://app.any.run/tasks/fa2773a9-0743-40d7-afb0-6d120d7f27ee
Verdict: Malicious activity
Analysis date: October 10, 2024, 18:01:05
OS: Ubuntu 22.04.2
MIME: application/x-bittorrent
File info: BitTorrent file
MD5: 81DA1C2ADEC96A578A38CD2FE80B0111
SHA1: 31A177D6474269BB8F090304A96D72F9236A616D
SHA256: E6D3E210FB5CAF7BEFF0E1E767533268FBEAF22B634135D83ADF6A28D272F3A1
SSDEEP: 6144:zP/o+1/8YQIS1ZAwD/KgGvNcEpN91iVsMHY3ikcTaxudNOt:bwc/9LwD//GuEpEz0ikcm+Ut

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads network configuration

      • sudo (PID: 13906)
    • Checks DMI information (probably VM detection)

      • systemd-hostnamed (PID: 13936)
    • Gets active network interfaces

      • sudo (PID: 13906)
    • Executes commands using command-line interpreter

      • gnome-terminal-server (PID: 14381)
    • Executes the "rm" command to delete files or directories

      • sudo (PID: 14417)
    • Potential Corporate Privacy Violation

      • transmission-gtk (PID: 13908)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.torrent | Torrent (trackerless) (57.6)
.torrent | Torrent (42.3)

EXIF

Torrent

Announce: http://173.254.204.71:1096/announce
Creator: qBittorrent v4.5.4
CreateDate: 2024:10:09 04:44:34+00:00
File1Length: 8.3 GiB
File1Path: Bitelchus Bitelchus (2024) [Bluray 1080p][Esp](wolfmax4k.com).mkv
Name: Bitelchus Bitelchus (2024) [Bluray 1080p][Esp]
PieceLength: 1048576
Pieces: (Binary data 169740 bytes, use -b option to extract)
No data.
Total processes: 268
Monitored processes: 45
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start sh no specs sudo no specs systemctl no specs transmission-gtk locale-check no specs systemd-hostnamed no specs gvfsd-network no specs gvfsd-smb-browse gvfsd-dnssd no specs systemd-resolved gnome-terminal no specs gnome-terminal.real no specs gnome-terminal-server no specs bash no specs lesspipe no specs basename no specs dash no specs dirname no specs dircolors no specs sudo no specs sudo no specs rm no specs ibus-mozc-gnome-initial-setup.sh no specs dpkg-query no specs grep no specs env no specs grep no specs grep no specs mkdir no specs seq no specs dconf no specs sleep no specs dumpe2fs no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs systemd no specs u8:4 no specs u8:4 no specs

Process information

PID: 425
CMD: /lib/systemd/systemd-resolved
Path: /usr/lib/systemd/systemd-resolved
Parent process: systemd
User: systemd-resolve
Integrity Level: UNKNOWN

PID: 13905
CMD: /bin/sh -c "DISPLAY=:0 sudo -iu user transmission-gtk /tmp/bitelchus-bitelchus--2024---BluRay-1080p_30_1029\.torrent "
Path: /bin/sh
Parent process: any-guest-agent
User: user
Integrity Level: UNKNOWN
Exit code: 14418

PID: 13906
CMD: sudo -iu user transmission-gtk /tmp/bitelchus-bitelchus--2024---BluRay-1080p_30_1029.torrent
Path: /usr/bin/sudo
Parent process: sh
User: user
Integrity Level: UNKNOWN
Exit code: 14418

PID: 13907
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 13908
CMD: transmission-gtk /tmp/bitelchus-bitelchus--2024---BluRay-1080p_30_1029.torrent
Path: /usr/bin/transmission-gtk
Parent process: sudo
User: user
Integrity Level: UNKNOWN
Exit code: 14418

PID: 13909
CMD: /usr/bin/locale-check C.UTF-8
Path: /usr/bin/locale-check
Parent process: transmission-gtk
User: user
Integrity Level: UNKNOWN
Exit code: 0

PID: 13936
CMD: /lib/systemd/systemd-hostnamed
Path: /lib/systemd/systemd-hostnamed
Parent process: systemd
User: root
Integrity Level: UNKNOWN
Exit code: 418

PID: 13941
CMD: /usr/libexec/gvfsd-network --spawner :1.6 /org/gtk/gvfs/exec_spaw/1
Path: /usr/libexec/gvfsd-network
Parent process: gvfsd
User: user
Integrity Level: UNKNOWN

PID: 13947
CMD: /usr/libexec/gvfsd-smb-browse --spawner :1.6 /org/gtk/gvfs/exec_spaw/2
Path: /usr/libexec/gvfsd-smb-browse
Parent process: gvfsd
User: user
Integrity Level: UNKNOWN
Exit code: 482

PID: 13955
CMD: /usr/libexec/gvfsd-dnssd --spawner :1.6 /org/gtk/gvfs/exec_spaw/3
Path: /usr/libexec/gvfsd-dnssd
Parent process: gvfsd
User: user
Integrity Level: UNKNOWN

Executable files: 0
Suspicious files: 1
Text files: 106
Unknown types: 1

Dropped files

PID | Process | Filename | Type
13908 | transmission-gtk | /home/user/.config/transmission/torrents/4f6b94f3ad43cee61301d30c6f8d2a9d6b7ac227.torrent | torrent
13908 | transmission-gtk | /home/user/.config/transmission/settings.json | binary
13908 | transmission-gtk | /home/user/.cache/transmission/favicons/yoshi210.com (deleted) | html
13908 | transmission-gtk | /home/user/.cache/transmission/favicons/ilibr.org (deleted) | html
13908 | transmission-gtk | /home/user/.cache/transmission/favicons/zer0day.ch (deleted) | html
13908 | transmission-gtk | /home/user/.cache/transmission/favicons/torrentsmd.com (deleted) | html
13908 | transmission-gtk | /home/user/.cache/transmission/favicons/opentrackr.org | image
13908 | transmission-gtk | /home/user/.cache/transmission/favicons/grepler.com (deleted) | html
13908 | transmission-gtk | /home/user/.cache/transmission/favicons/rarbg.me (deleted) | html
13908 | transmission-gtk | /home/user/.cache/transmission/favicons/tfile.me (deleted) | html
HTTP(S) requests: 182
TCP/UDP connections: 326
DNS requests: 338
Threats: 238

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
 |  | GET | 204 | 185.125.190.17:80 | http://connectivity-check.ubuntu.com/ | unknown |  |  | whitelisted
13908 | transmission-gtk | GET | 302 | 46.166.189.98:80 | http://xxx-tracker.com/favicon.ico | unknown |  |  | whitelisted
13908 | transmission-gtk | GET | 302 | 104.21.52.21:80 | http://thetracker.org/favicon.ico | unknown |  |  | whitelisted
13908 | transmission-gtk | GET | 410 | 13.248.252.114:80 | http://yoshi210.com/favicon.ico | unknown |  |  | unknown
13908 | transmission-gtk | GET | 403 | 188.114.96.3:80 | http://torrentsmd.com/favicon.ico | unknown |  |  | whitelisted
13908 | transmission-gtk | GET | 200 | 199.59.243.227:80 | http://tfile.me/favicon.ico | unknown |  |  | unknown
13908 | transmission-gtk | GET | 301 | 188.114.97.3:80 | http://kuroy.me/favicon.ico | unknown |  |  | whitelisted
13908 | transmission-gtk | GET | 200 | 199.59.243.227:80 | http://rarbg.me/favicon.ico | unknown |  |  | unknown
13908 | transmission-gtk | GET | 200 | 85.94.194.169:80 | http://zer0day.ch/favicon.ico | unknown |  |  | unknown
13908 | transmission-gtk | GET | 410 | 99.83.138.213:80 | http://ilibr.org/favicon.ico | unknown |  |  | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
470 | avahi-daemon | 224.0.0.251:5353 |  |  |  | unknown
 |  | 91.189.91.98:80 | connectivity-check.ubuntu.com | Canonical Group Limited | US | whitelisted
 |  | 212.102.56.178:443 | odrs.gnome.org | Datacamp Limited | DE | whitelisted
 |  | 185.125.190.17:80 | connectivity-check.ubuntu.com | Canonical Group Limited | GB | whitelisted
 |  | 185.125.188.54:443 | api.snapcraft.io | Canonical Group Limited | GB | whitelisted
 |  | 185.125.188.55:443 | api.snapcraft.io | Canonical Group Limited | GB | whitelisted
 |  | 185.125.188.58:443 | api.snapcraft.io | Canonical Group Limited | GB | whitelisted
485 | snapd | 185.125.188.55:443 | api.snapcraft.io | Canonical Group Limited | GB | whitelisted
485 | snapd | 185.125.188.59:443 | api.snapcraft.io | Canonical Group Limited | GB | whitelisted
13908 | transmission-gtk | 239.255.255.250:1900 |  |  |  | whitelisted

DNS requests

Domain
IP
Reputation
connectivity-check.ubuntu.com
  • 91.189.91.98
  • 185.125.190.97
  • 91.189.91.48
  • 185.125.190.18
  • 91.189.91.96
  • 185.125.190.96
  • 185.125.190.49
  • 91.189.91.97
  • 185.125.190.48
  • 185.125.190.17
  • 185.125.190.98
  • 91.189.91.49
  • 2620:2d:4000:1::23
  • 2001:67c:1562::24
  • 2620:2d:4000:1::2b
  • 2620:2d:4000:1::96
  • 2620:2d:4002:1::196
  • 2620:2d:4002:1::197
  • 2620:2d:4000:1::2a
  • 2620:2d:4000:1::98
  • 2620:2d:4000:1::22
  • 2620:2d:4002:1::198
  • 2620:2d:4000:1::97
  • 2001:67c:1562::23
whitelisted
google.com
  • 104.21.52.21
  • 172.67.194.76
  • 2a00:1450:4001:803::200e
whitelisted
odrs.gnome.org
  • 212.102.56.178
  • 37.19.194.81
  • 195.181.170.18
  • 169.150.255.183
  • 195.181.175.41
  • 169.150.255.180
  • 207.211.211.26
  • 2a02:6ea0:c700::21
  • 2a02:6ea0:c700::18
  • 2a02:6ea0:c700::112
  • 2a02:6ea0:c700::19
  • 2a02:6ea0:c700::11
  • 2a02:6ea0:c700::101
  • 2a02:6ea0:c700::107
whitelisted
api.snapcraft.io
  • 185.125.188.54
  • 185.125.188.55
  • 185.125.188.59
  • 185.125.188.58
  • 2620:2d:4000:1010::117
  • 2620:2d:4000:1010::6d
  • 2620:2d:4000:1010::2e6
  • 2620:2d:4000:1010::42
whitelisted
121.100.168.192.in-addr.arpa
unknown
xxx-tracker.com
  • 46.166.189.98
whitelisted
vanitycore.co
  • 34.94.76.146
  • 34.89.51.235
  • 35.227.59.57
  • 2600:1900:40c0:e0f3::
  • 2600:1900:4020:41db:0:1::
  • 2600:1900:4120:2214:0:1::
unknown
yi.org
  • 173.203.238.64
unknown
uw0.xyz
  • 103.224.212.210
unknown
zer0day.to
unknown

Threats

PID | Process | Class | Message
13908 | transmission-gtk | Potential Corporate Privacy Violation | ET P2P Vuze BT UDP Connection (5)
425 | systemd-resolved | Potentially Bad Traffic | ET DNS Query for .to TLD
425 | systemd-resolved | Potentially Bad Traffic | ET DNS Query for .to TLD
425 | systemd-resolved | Potentially Bad Traffic | ET DNS Query for .to TLD
425 | systemd-resolved | Potentially Bad Traffic | ET DNS Query for .to TLD
425 | systemd-resolved | Potentially Bad Traffic | ET DNS Query for .to TLD
425 | systemd-resolved | Potentially Bad Traffic | ET DNS Query for .to TLD
425 | systemd-resolved | Potentially Bad Traffic | ET DNS Query for .to TLD
425 | systemd-resolved | Potentially Bad Traffic | ET DNS Query for .to TLD
425 | systemd-resolved | Potentially Bad Traffic | ET DNS Query for .to TLD
No debug info