Linux Analysis Report
SGNConnect_v5.0.20.deb

ID:	1655141
Product:	CloudBasic
Start time:	01:20:40
Start date:	03.04.2025
Sample:	SGNConnect_v5.0.20.deb
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	8aa66ae2a690b14f05dcd0289714e99d
SHA1:	32a4113918a775b59bc2273fc11c48bc62272e89
SHA256:	7383858f6f991035ec2a43e70af6e103dc6bfc6e06c62e1d1474d638c8fb4867
Filetype:	Debian Linux Package (24024/1) 100.00%

Name	Type	MD5	SHA1	SHA256
/root/.cache/dconf/user	data	C4103F122D27677C9DB144CAE1394A66	1489F923C4DCA729178B3E3233458550D8DDDF29	96A296D224F285C67BEE93C30F8A309157F0DAA35DC5B87E410B78630A09CFC7
/tmp/dpkg-deb.7lBi6l/conffiles	ASCII text	DBFF7A958BC0F534D6008D58AF2BF3DE	9C8F94945CCDB4EF6A3AC649503D132A23A1CD6D	DD9BC6ABAFE926437022DEEC8205C69C22503F743674980E5DCDA7934BF9B2AE
/tmp/dpkg-deb.7lBi6l/control	ASCII text, with very long lines (477)	F5D2940D7DF43F1304AC4842ED2A7E64	8334D3BAD104365B3A1BC9027909A3E76050853E	C207A34F849A6674667DA8A4A69F8BDE883FD77F1689E4A099469E12F340CCE4
/tmp/dpkg-deb.7lBi6l/md5sums	ASCII text	D51256D6333FE68FF48630ADE972BEDD	3ACEB50CD777FF9D3886A13BA8AB5AE1B33BCC65	9A4645DFE628BBA9E61406507CB9E200E7165C7BA38EE4F3762872A5715CD8A6
/tmp/dpkg-deb.7lBi6l/postinst	POSIX shell script, ASCII text executable	392FBD5C7014D16B011CB18891F71341	F3B5DC6377DAC51E995FBE0D0FCB2C079EFBE909	AAB2A0C11369779D7A645862D72A24C24A5D97957566247726F10711C03D5C73
/tmp/dpkg-deb.7lBi6l/prerm	POSIX shell script, ASCII text executable	B3AE4E5A5726BBF1DCA23740AFDF094E	510EE2BA7FEEF5B07248517438A6D310CA523CAA	663218D5163743FCD49766EAB4372891ACD7353AAC3A8E227DAD60B1E7B078CB

Networking

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: classification engine

Classification label: clean2.linDEB@0/6@2/0

Persistence and Installation Behavior

Source: /usr/bin/exo-open (PID: 5446)	Directory: /root/.Xdefaults-galassia			Jump to behavior
Source: /usr/bin/exo-open (PID: 5446)	Directory: /root/.cache			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /root/.Xdefaults-galassia			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/local/share/fonts/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /root/.local/share/fonts/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /root/.fonts/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/X11/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/cMap/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/cmap/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/opentype/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/type1/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/X11/Type1/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/X11/encodings/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/X11/misc/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/X11/util/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/opentype/malayalam/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/opentype/mathjax/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/opentype/noto/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/Gargi/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/Nakula/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/Navilu/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/Sarai/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/dejavu/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/droid/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/freefont/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/kacst/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lao/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lato/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/liberation/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/liberation2/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/malayalam/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/noto/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/openoffice/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/padauk/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/pagul/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/samyak/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/sinhala/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/tlwg/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/type1/urw-base35/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /usr/share/fonts/X11/encodings/large/.uuid			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Directory: /root/.cache			Jump to behavior
Source: /usr/bin/tar (PID: 5467)	Directory: /tmp/dpkg-deb.7lBi6l/.			Jump to behavior

Source: /usr/bin/dpkg-deb (PID: 5468)

Rm executable: /usr/bin/rm -> rm -rf -- /tmp/dpkg-deb.7lBi6l

Jump to behavior

Source: /usr/bin/tar (PID: 5467)	File: /tmp/dpkg-deb.7lBi6l/postinst (bits: - usr: rx grp: rx all: rwx)			Jump to behavior
Source: /usr/bin/tar (PID: 5467)	File: /tmp/dpkg-deb.7lBi6l/prerm (bits: - usr: rx grp: rx all: rwx)			Jump to behavior
Source: /usr/bin/tar (PID: 5467)	File: /tmp/dpkg-deb.7lBi6l/. (bits: - usr: rx grp: rx all: rwx)			Jump to behavior

Source: /usr/bin/tar (PID: 5467)	Writes shell script file to disk with an unusual file extension: /tmp/dpkg-deb.7lBi6l/postinst			Jump to dropped file
Source: /usr/bin/tar (PID: 5467)	Writes shell script file to disk with an unusual file extension: /tmp/dpkg-deb.7lBi6l/prerm			Jump to dropped file

Malware Analysis System Evasion

Source: /usr/bin/exo-open (PID: 5446)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dbus-launch (PID: 5450)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/engrampa (PID: 5453)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dbus-launch (PID: 5456)	Queries kernel information via 'uname':			Jump to behavior