Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

bluefish-data_2.2.12-1.1_all(1).deb

Debian binary package (format 2.0), with control.tar.xz, data compression xz

initial sample

Details

Filetype:	Debian binary package (format 2.0), with control.tar.xz, data compression xz
Entropy:	7.999825201790194
Filename:	bluefish-data_2.2.12-1.1_all(1).deb
Filesize:	2412364
MD5:	f3b0147686843cf4b09551c626bdd77d
SHA1:	4f9f4570ba5e21f859744b4f20122b30235dfb02
SHA256:	1e6b6f39d9384307e8110aafcaa9323412abf9084391448b2b10b5c0c19527b7
SHA512:	c73203d2fc210e5e1ffb21532cb3204ea8a55c8f72601ef8d9d930b3a62430c372d549aba83d6b0afee8d660bf43add7d1e520756c5fd681d0467bfe9731ece5
SSDEEP:	49152:yK8ucGBX5zsXtngg51KHPQ9Dftw+insblQMdE3QhkVSza2ops+e:yzg+tngg5+o9bxisZQMdR/a2o++e
Preview:	!<arch>.debian-binary 1616548588 0 0 100644 4 `.2.0.control.tar.xz 1616548588 0 0 100644 9824 `..7zXZ......F...L...!..........]'...&.].....}....J>y...&.a<>..\p.-.&h.u^$.TK.Qdhw..5]..V.~.4..J..i:........%.mF.e<....J#.$..

/home/james/.cache/dconf/user

data

dropped

Details

File:	/home/james/.cache/dconf/user
Category:	dropped
Dump:	user.32.dr
ID:	dr_0
Target ID:	32
Process:	/usr/bin/gnome-software
Type:	data
Entropy:	0.0
Encrypted:	false
Ssdeep:	3::
Size:	2
Whitelisted:	false
Reputation:	moderate

/home/james/.local/share/gnome-software/ubuntu-reviews.db

SQLite 3.x database, last written using SQLite version 3011000, page size 1024, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1

dropped

Details

File:	/home/james/.local/share/gnome-software/ubuntu-reviews.db
Category:	dropped
Dump:	ubuntu-reviews.db.32.dr
ID:	dr_2
Target ID:	32
Process:	/usr/bin/gnome-software
Type:	SQLite 3.x database, last written using SQLite version 3011000, page size 1024, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
Entropy:	1.8137112654833607
Encrypted:	false
Ssdeep:	96:5WtpHVGjjKopHVGjIKopHVGj4KopHVGjz:6HVGjDHVGjuHVGjeHVGjz
Size:	12288
Whitelisted:	false
Reputation:	low

/home/james/.local/share/gnome-software/ubuntu-reviews.db-journal

SQLite Rollback Journal

dropped

Details

File:	/home/james/.local/share/gnome-software/ubuntu-reviews.db-journal
Category:	dropped
Dump:	ubuntu-reviews.db-journal.32.dr
ID:	dr_1
Target ID:	32
Process:	/usr/bin/gnome-software
Type:	SQLite Rollback Journal
Entropy:	2.1830879500652727
Encrypted:	false
Ssdeep:	96:7eiekOWtpHVGjx/xKopHVGjMpAmKopHVGj1:7j3tHVGjhFHVGjH4HVGj1
Size:	7208
Whitelisted:	false
Reputation:	low

/tmp/dpkg-deb.YO0WnW/control

ASCII text

dropped

Details

File:	/tmp/dpkg-deb.YO0WnW/control
Category:	dropped
Dump:	control.59.dr
ID:	dr_3
Target ID:	59
Process:	/bin/tar
Type:	ASCII text
Entropy:	4.711367082300045
Encrypted:	false
Ssdeep:	24:vpDO/gM4LLvHGgw054tI5WUgWM5g/0hQYXsHEvwsiMk:vpDO/gM4LbHGTltIQzSyQYWsk
Size:	1064
Whitelisted:	false
Reputation:	low

/tmp/dpkg-deb.YO0WnW/md5sums

ASCII text

dropped

Details

File:	/tmp/dpkg-deb.YO0WnW/md5sums
Category:	dropped
Dump:	md5sums.59.dr
ID:	dr_4
Target ID:	59
Process:	/bin/tar
Type:	ASCII text
Entropy:	5.193725989322713
Encrypted:	false
Ssdeep:	384:tPIT+LTMzM0G2ui1ml7pES2nTI5pCeuzt50mGv5XOLVHXOgXO15JWr2aEykwnVut:tc+LTIM0Jwb248rVTiRyUnt1
Size:	37217
Whitelisted:	false
Reputation:	low

/var/lib/fwupd/pending.db

SQLite 3.x database, last written using SQLite version 3011000, page size 1024, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1

dropped

Details

File:	/var/lib/fwupd/pending.db
Category:	dropped
Dump:	pending.db.50.dr
ID:	dr_6
Target ID:	50
Process:	/usr/lib/x86_64-linux-gnu/fwupd/fwupd
Type:	SQLite 3.x database, last written using SQLite version 3011000, page size 1024, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
Entropy:	1.1422572379832086
Encrypted:	false
Ssdeep:	12:HLiuWkHS51C6p08GZVMMf8J3ajJj2gT5oDGS3K:riuWUS5cDXZVIqsgTRS3
Size:	3072
Whitelisted:	false
Reputation:	low

/var/lib/fwupd/pending.db-journal

data

dropped

Details

File:	/var/lib/fwupd/pending.db-journal
Category:	dropped
Dump:	pending.db-journal.50.dr
ID:	dr_5
Target ID:	50
Process:	/usr/lib/x86_64-linux-gnu/fwupd/fwupd
Type:	data
Entropy:	0.27937671757176796
Encrypted:	false
Ssdeep:	3:Eh1FlxllxFEG2l/n:Eb+/l/n
Size:	524
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/usr/bin/exo-open

exo-open /tmp/bluefish-data_2.2.12-1.1_all(1).deb

/usr/bin/exo-open

/usr/bin/dbus-launch

dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr

/usr/bin/exo-open

/usr/bin/gnome-software

gnome-software --local-filename=/tmp/bluefish-data_2.2.12-1.1_all(1).deb

/usr/bin/gnome-software

/usr/bin/dbus-launch

dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr

/usr/bin/gnome-software

/usr/bin/dpkg-deb

/usr/bin/dpkg-deb --showformat=${Package}\\n${Version}\\n${Installed-Size}\\n${Homepage}\\n${Description} -W /tmp/bluefish-data_2.2.12-1.1_all(1).deb

/usr/bin/dpkg-deb

/bin/tar

tar -x -m -f - --warning=no-timestamp

/usr/bin/dpkg-deb

/bin/rm

rm -rf -- /tmp/dpkg-deb.YO0WnW

/usr/bin/gnome-software

/usr/bin/dpkg

/usr/bin/dpkg --print-foreign-architectures

/usr/bin/gnome-software

/usr/bin/dpkg

/usr/bin/dpkg --print-foreign-architectures

/lib/systemd/systemd

/usr/lib/x86_64-linux-gnu/fwupd/fwupd

There are 12 hidden processes, click here to show them.

URLs

Name

Malicious

http://bluefish.openoffice.nl

unknown

Domains

Name

Malicious

reviews.ubuntu.com

unknown

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
bluefish-data_2.2.12-1.1_all(1).deb

Files

Processes

URLs

Domains

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportbluefish-data_2.2.12-1.1_all(1).deb

Files

Processes

URLs

Domains

IOC Report
bluefish-data_2.2.12-1.1_all(1).deb