Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
logo.gif

Overview

General Information

Sample name:logo.gif
Analysis ID:1380521
MD5:684db6154468a492e65e750ef4f9f1be
SHA1:abeb0bae218e6f1d2afe03d04d133852902e8367
SHA256:1b26e14bc1b9f8b22d6780651e38f641d79ee3799fc673e055b33880b6b25b7b
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false

Signatures

Creates hidden files and/or directories
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:39.0.0 Ruby
Analysis ID:1380521
Start date and time:2024-01-24 17:59:18 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 13s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:default
Sample name:logo.gif
Detection:CLEAN
Classification:clean1.linGIF@0/0@0/0

Warnings

  • VT rate limit hit for: logo.gif

Runtime Messages

Command:xdg-open "/tmp/logo.gif"
PID:4710
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:

Process Tree

  • system is lnxubuntu1
  • exo-open (PID: 4770, Parent: 4710, MD5: 39c5fa78f1cb3d950b9944f784018d3a) Arguments: exo-open /tmp/logo.gif
    • exo-open New Fork (PID: 4778, Parent: 4770)
    • dbus-launch (PID: 4778, Parent: 4770, MD5: e4a469f27d130d783c21ce9c1c4456c3) Arguments: dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr
    • exo-open New Fork (PID: 4791, Parent: 4770)
      • exo-open New Fork (PID: 4794, Parent: 4791)
      • ristretto (PID: 4794, Parent: 1656, MD5: 15778690113a3fdfd05834ed1877e667) Arguments: ristretto /tmp/logo.gif
        • dbus-launch (PID: 4813, Parent: 4794, MD5: e4a469f27d130d783c21ce9c1c4456c3) Arguments: dbus-launch --autolaunch 11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr
  • cleanup

Yara Signatures

No yara matches

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engineClassification label: clean1.linGIF@0/0@0/0
Source: /usr/bin/exo-open (PID: 4770)Directory: /home/james/.cacheJump to behavior
Source: /usr/bin/ristretto (PID: 4794)Directory: /home/james/.cacheJump to behavior
Source: /usr/bin/ristretto (PID: 4794)Directory: /home/james/.localJump to behavior
Source: /usr/bin/ristretto (PID: 4794)Directory: /home/james/.configJump to behavior
Source: /usr/bin/exo-open (PID: 4770)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4778)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/ristretto (PID: 4794)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4813)Queries kernel information via 'uname': Jump to behavior
Source: logo.gifBinary or memory string: eFFtSGdtbEI1bzY1UnkvdmVMCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KXQoJCQkJY2hlY2tD

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Hidden Files and Directories		OS Credential Dumping11
Security Software Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1380521 Sample: logo.gif Startdate: 24/01/2024 Architecture: LINUX Score: 1 7 exo-open 2->7         started        process3 9 exo-open 7->9         started        11 exo-open dbus-launch 7->11         started        process4 13 exo-open ristretto 9->13         started        process5 15 ristretto dbus-launch 13->15         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:ASCII text
Entropy (8bit):5.536235702258042
TrID:
  • GIF Bitmap (generic) (3003/1) 75.00%
  • PrintFox (C64) bitmap (1001/1) 25.00%
File name:logo.gif
File size:8'882'314 bytes
MD5:684db6154468a492e65e750ef4f9f1be
SHA1:abeb0bae218e6f1d2afe03d04d133852902e8367
SHA256:1b26e14bc1b9f8b22d6780651e38f641d79ee3799fc673e055b33880b6b25b7b
SHA512:4bb2c6adde07e90c180895474e6883cc4faf8ed85fff81479ba4e5df942868ad0ee283c145a0d74557a046e03e7282aac1e08eac990870f26389c1894c9120b9
SSDEEP:49152:GtHxXfEMYFWoQR5Lgoc0oCRVoB5h+rN5/N201jZwO5Si6NBVf9yIBnMD9PE2ntzh:g
TLSH:08962B3D8C422E2E7BA328ED1EDED6D11E0C6B5F78A6D406AD05418417B1EB725DB0CE
File Content Preview:GIFc2NoZW1hCgl2YzAKCQlhZG1pblJlY292ZXJ5CgkJCWV4cGlyZXM9WzBdCgkJCXJvbGU9W10KCQkJ.c2Vzc2lvbj1bXQoJCQl0b2tlbj1bXQoJCUFkbWluVUlCYW5uZXJmbGFncz1bQRRdCgkJQWRtaW5V.aVNldHRpbmc9WzBdCgkJYWR2YW5jZWRfY2xpZW50X2NvbmZpZwoJCQljbGllbnRfdWlfbW9kZT1b.Y2xhc3NpY10KCQkJY29uZ

Network Behavior

No network behavior found

System Behavior

General

Start time (UTC):16:59:57
Start date (UTC):24/01/2024
Path:/usr/bin/exo-open
Arguments:exo-open /tmp/logo.gif
File size:22856 bytes
MD5 hash:39c5fa78f1cb3d950b9944f784018d3a

Chronological Activities


General

Start time (UTC):16:59:57
Start date (UTC):24/01/2024
Path:/usr/bin/exo-open
Arguments:-
File size:22856 bytes
MD5 hash:39c5fa78f1cb3d950b9944f784018d3a

Chronological Activities


General

Start time (UTC):16:59:57
Start date (UTC):24/01/2024
Path:/usr/bin/dbus-launch
Arguments:dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr
File size:26616 bytes
MD5 hash:e4a469f27d130d783c21ce9c1c4456c3

Chronological Activities


General

Start time (UTC):16:59:57
Start date (UTC):24/01/2024
Path:/usr/bin/exo-open
Arguments:-
File size:22856 bytes
MD5 hash:39c5fa78f1cb3d950b9944f784018d3a

Chronological Activities


General

Start time (UTC):16:59:57
Start date (UTC):24/01/2024
Path:/usr/bin/exo-open
Arguments:-
File size:22856 bytes
MD5 hash:39c5fa78f1cb3d950b9944f784018d3a

Chronological Activities


General

Start time (UTC):16:59:57
Start date (UTC):24/01/2024
Path:/usr/bin/ristretto
Arguments:ristretto /tmp/logo.gif
File size:225576 bytes
MD5 hash:15778690113a3fdfd05834ed1877e667

Chronological Activities


General

Start time (UTC):16:59:57
Start date (UTC):24/01/2024
Path:/usr/bin/ristretto
Arguments:-
File size:225576 bytes
MD5 hash:15778690113a3fdfd05834ed1877e667

Chronological Activities


General

Start time (UTC):16:59:57
Start date (UTC):24/01/2024
Path:/usr/bin/dbus-launch
Arguments:dbus-launch --autolaunch 11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr
File size:26616 bytes
MD5 hash:e4a469f27d130d783c21ce9c1c4456c3

Chronological Activities