www.malwr.ee
2a00:6a00:ad1:806::82  Public Scan

URL: https://www.malwr.ee/analysis/3933394/summary
Submission: On June 02 via manual from FR — Scanned from FR

Form analysis 1 forms found in the DOM

<form class="modal-dialog">
  <div class="modal-content">
    <div class="modal-header">
      <h4><i class="fa fa-bug"></i> Feedback</h4>
    </div>
    <p class="modal-section arrow">Expecting different results? Share this analysis report with us and we’ll investigate it. Please include a brief message of what you had expected to see and what you got instead.</p>
    <div class="modal-section modal-form arrow">
      <div class="form-col">
        <fieldset>
          <input type="text" name="name" id="feedback-name" required="">
          <label for="feedback-name">Your name</label>
        </fieldset>
        <fieldset>
          <input type="text" name="email" id="feedback-email" required="">
          <label for="feedback-email">Your email</label>
        </fieldset>
      </div>
      <div class="form-col">
        <fieldset>
          <input type="text" name="company" id="feedback-company" required="">
          <label for="feedback-company">Your company</label>
        </fieldset>
      </div>
    </div>
    <div class="modal-section modal-form arrow">
      <textarea name="message" id="feedback-message" placeholder="Describe to us what does not seem to work properly."></textarea>
    </div>
    <div class="modal-section modal-form arrow arrow-center" id="feedback-includes">
      <div class="modal-form__checkbox">
        <input type="checkbox" name="include_analysis" id="feedback-analysis" disabled="">
        <label for="feedback-analysis"><span></span> Include analysis</label>
      </div>
      <div class="modal-form__checkbox">
        <input type="checkbox" name="include_memdump" id="feedback-memdump" disabled="">
        <label for="feedback-memdump"><span></span> Include memory dump</label>
      </div>
    </div>
    <div class="modal-section modal-form no-flex center">
      <p id="feedback-size">Estimated report size: <strong class="file-estimation">estimating...</strong></p>
      <button class="modal-submit" type="submit" formnovalidate="">Send feedback report</button>
      <p>or <a href="modal:cancel">cancel</a></p>
    </div>
    <div class="modal-section modal-footer center"></div>
  </div>
</form>

Text Content


SUMMARY

URL DETAILS

URL http://cdn.zuduf.cfd/static/s3/exec6625/Ravenwise.tgz

SCORE

This url is very suspicious, with a score of 7.1 out of 10!

Please notice: The scoring system is currently still in development and should
be considered an alpha feature.

INFORMATION ON EXECUTION

Analysis

Category: URL
Started: March 1, 2023, 12:42 p.m.
Completed: March 1, 2023, 12:43 p.m.
Duration: 26 seconds
Routing: internet
Logs: Analyzer Log, Cuckoo Log

ANALYZER LOG

2023-03-01 12:42:54,004 [root] DEBUG: Starting analyzer from: /tmp/tmpYIDL9l
2023-03-01 12:42:54,004 [root] DEBUG: Storing results at: /tmp/DnLJerbA
2023-03-01 12:42:54,005 [root] ERROR: Traceback (most recent call last):
  File "/tmp/tmpYIDL9l/analyzer.py", line 340, in <module>
    success = analyzer.run()
  File "/tmp/tmpYIDL9l/analyzer.py", line 131, in run
    package_class = choose_package_class(None, None, **kwargs)
  File "/tmp/tmpYIDL9l/lib/core/packages.py", line 42, in choose_package_class
    "exist.".format(name))
Exception: Unable to import package "gz": it does not exist.
Traceback (most recent call last):
  File "/tmp/tmpYIDL9l/analyzer.py", line 340, in <module>
    success = analyzer.run()
  File "/tmp/tmpYIDL9l/analyzer.py", line 131, in run
    package_class = choose_package_class(None, None, **kwargs)
  File "/tmp/tmpYIDL9l/lib/core/packages.py", line 42, in choose_package_class
    "exist.".format(name))
Exception: Unable to import package "gz": it does not exist.


CUCKOO LOG

2023-03-01 12:42:57,940 [cuckoo.core.scheduler] INFO: Task #3933394: acquired machine Ubuntu1904x647 (label=Ubuntu1904x647)
2023-03-01 12:42:57,940 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.107 for task #3933394
2023-03-01 12:42:58,051 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1050404 (interface=vboxnet0, host=192.168.168.107)
2023-03-01 12:42:58,274 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x647
2023-03-01 12:42:58,615 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x647 to Snapshot
2023-03-01 12:43:10,169 [cuckoo.core.guest] INFO: Starting analysis #3933394 on guest (id=Ubuntu1904x647, ip=192.168.168.107)
2023-03-01 12:43:11,174 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: not ready yet
2023-03-01 12:43:16,190 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x647, ip=192.168.168.107)
2023-03-01 12:43:16,216 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x647, ip=192.168.168.107, monitor=latest, size=73219)
2023-03-01 12:43:16,355 [cuckoo.core.resultserver] DEBUG: Task #3933394: live log analysis.log initialized.
2023-03-01 12:43:19,276 [cuckoo.core.guest] INFO: Ubuntu1904x647: analysis completed successfully
2023-03-01 12:43:19,285 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2023-03-01 12:43:19,332 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2023-03-01 12:43:19,763 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x647 to path /srv/cuckoo/cwd/storage/analyses/3933394/memory.dmp
2023-03-01 12:43:19,765 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x647
2023-03-01 12:43:23,493 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.107 for task #3933394
2023-03-01 12:43:23,620 [cuckoo.core.scheduler] DEBUG: Released database task #3933394
2023-03-01 12:43:23,632 [cuckoo.core.scheduler] INFO: Task #3933394: analysis procedure completed


SIGNATURES

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

 * malwares_com URL checker: malware site
 * Fortinet: malware site
 * CyRadar: malicious site
 * VIPRE: malicious site
 * SCUMWARE_org: malware site

Screenshots

No screenshots available.

Name, Response, Post-Analysis Lookup: No hosts contacted.

IP Address, Status, Action, VT, Location: No hosts contacted.

©2010-2018 Cuckoo Sandbox
