qFl1WpWBiv

Status: finished
Submission Time: 2022-01-12 15:18:13 +01:00
Malicious
Spreader
Trojan

Tags

  • 32
  • arm
  • elf
  • mirai

Details

  • Analysis ID: 551806
  • API (Web) ID: 919328
  • Analysis Started: 2022-01-12 15:18:14 +01:00
  • Analysis Finished: 2022-01-12 15:26:26 +01:00
  • MD5: ed7f32a9c5ea7ced9cc9bc39ddb08b60
  • SHA1: cfc52e93fcb6aefdbc953795c667244298977770
  • SHA256: 047eb2ca77f1c4f430e9b96d18a46438ee3c0188b9d3910db0252a0d677eae92
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 64
System: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)

Third Party Analysis Engines

malicious
Score: 14/43

URLs

Name Detection
https://www.rsyslog.com
http://wiki.x.org
http://www.cisco.com/go/ciscocp
https://filezilla-project.org/
http://www.ubuntu.com/support)
http://%d.%d.%d.%d:%d/%s
https://ubuntu.com/blog/microk8s-memory-optimisation

Dropped files

| Name | File Type |
|---|---|
| /var/lib/AccountsService/users/gdm.RA0MF1 | ASCII text |
| /proc/5900/oom_score_adj | very short file (no magic) |
| /run/user/1000/pulse/pid | ASCII text |
| /run/user/127/ICEauthority | data |
| /run/user/127/dconf/user | very short file (no magic) |
| /run/user/127/gdm/Xauthority | X11 Xauthority data |
| /run/user/127/pulse/pid | ASCII text |
| /tmp/server-0.xkm | Compiled XKB Keymap: lsb, version 15 |
| /var/cache/motd-news | ASCII text |
| /var/lib/AccountsService/users/gdm.6UMQF1 | ASCII text |
| /proc/5834/oom_score_adj | very short file (no magic) |
| /var/lib/gdm3/.config/ibus/bus/ee49dfd4fa47433baee88884e2d7de7c-unix-0 | ASCII text |
| /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink | very short file (no magic) |
| /var/lib/gdm3/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source | very short file (no magic) |
| /var/lib/whoopsie/whoopsie-id.Y35LF1 | ASCII text, with no line terminators |
| /var/log/Xorg.0.log | ASCII text |
| /var/log/auth.log | ASCII text |
| /var/log/kern.log | ASCII text, with very long lines |
| /var/log/syslog | ASCII text, with very long lines |
| /proc/5536/oom_score_adj | very short file (no magic) |
| /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source | ASCII text |
| /proc/5417/oom_score_adj | very short file (no magic) |
| /proc/5420/oom_score_adj | very short file (no magic) |
| /proc/5422/oom_score_adj | very short file (no magic) |
| /proc/5427/oom_score_adj | very short file (no magic) |
| /proc/5429/oom_score_adj | very short file (no magic) |
| /proc/5431/oom_score_adj | very short file (no magic) |
| /proc/5434/oom_score_adj | very short file (no magic) |
| /proc/5506/oom_score_adj | very short file (no magic) |
| /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink | ASCII text |
| /proc/5539/oom_score_adj | very short file (no magic) |
| /proc/5541/oom_score_adj | very short file (no magic) |
| /proc/5543/oom_score_adj | very short file (no magic) |
| /proc/5545/oom_score_adj | very short file (no magic) |
| /proc/5547/oom_score_adj | very short file (no magic) |
| /proc/5550/oom_score_adj | very short file (no magic) |
| /proc/5714/oom_score_adj | very short file (no magic) |
| /proc/5831/oom_score_adj | very short file (no magic) |