qeeqbox/analyzer

A bug was found

0x0019 opened this issue · 1 comments

When I submit a Trojan file for analysis, the analysis function will be suspended in Finding URLs patterns.
The operation log is as follows:
analyzer-service-1 | 2022-08-14 03:01:23.541910 > Default timeout 120s for the task, and 100s for each logic
analyzer-service-1 | 2022-08-14 03:01:23.544042 > Task 7547c51f-437d-4ff1-a55a-c46c78d412aa (Started)
analyzer-service-1 | 2022-08-14 03:01:23.545319 > Setting up task 7547c51f-437d-4ff1-a55a-c46c78d412aa logger
analyzer-service-1 | 2022-08-14 03:01:23.578170 X Starting Analyzing
analyzer-service-1 | 2022-08-14 03:01:23.580749 > Start analyzing /analyzer/folders/malware/11111
analyzer-service-1 | 2022-08-14 03:01:23.582937 X Getting file details
analyzer-service-1 | 2022-08-14 03:01:23.693783 X Setting up ouput folder
analyzer-service-1 | 2022-08-14 03:01:23.696655 X Checking file encoding
analyzer-service-1 | 2022-08-14 03:01:23.705208 X Analyzing PE file
analyzer-service-1 | 2022-08-14 03:01:24.729926 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:26.035348 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:28.143096 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:28.152995 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:28.159991 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:28.234146 X Analyzing behaviors
analyzer-service-1 | 2022-08-14 03:01:29.986047 X Making symbol xrefs
analyzer-service-1 | 2022-08-14 03:01:34.009601 X Checking whitelist
analyzer-service-1 | 2022-08-14 03:01:34.293063 X Finding english strings
analyzer-service-1 | 2022-08-14 03:01:34.516280 X Finding phishing patterns
analyzer-service-1 | 2022-08-14 03:01:34.518208 X Finding URLs patterns
This situation will stay for a long time, about 5 minutes. During this period, if other file analysis work is submitted, it will not run.
After that, the operation log is displayed as follows:
analyzer-service-1 | 2022-08-14 03:01:34.293063 X Finding english strings
analyzer-service-1 | 2022-08-14 03:01:34.516280 X Finding phishing patterns
analyzer-service-1 | 2022-08-14 03:01:34.518208 X Finding URLs patterns
analyzer-service-1 | 2022-08-14 03:36:07.608959 X Finding IP4s patterns
analyzer-mongodb-1 | 2022-08-14T03:36:07.610+0000 I - [conn2] end connection 172.18.0.4:55576 (6 connections now open)
analyzer-service-1 | 2022-08-14 03:36:07.610510 > analyzer.intell.qbpatterns.analyze > 100s.. Timeout
analyzer-mongodb-1 | 2022-08-14T03:36:07.612+0000 I NETWORK [thread1] connection accepted from 172.18.0.4:38360 #7 (6 connections now open)
analyzer-mongodb-1 | 2022-08-14T03:36:07.612+0000 I NETWORK [conn7] received client metadata from 172.18.0.4:38360 conn7: { driver: { name: "PyMongo", version: "3.12.1" }, os: { type: "Linux", name: "Linux", architecture: "x86_64", version: "5.4.0-124-generic" }, platform: "CPython 3.8.10.final.0" }
analyzer-mongodb-1 | 2022-08-14T03:36:07.613+0000 I ACCESS [conn7] Successfully authenticated as principal changeme_9620eh26sfvka017fx on admin
analyzer-service-1 | 2022-08-14 03:36:07.614948 X Finding suspicious strings
analyzer-service-1 | 2022-08-14 03:36:07.631111 X Analyzing URLs
Moreover, this analysis task is not displayed in the task list on the web page. No HTML and JSON analysis reports were generated.
After that, all files could not be analyzed.
The sample file download link: https://mega.nz/file/JLUQlBwL#KTmo3wD7jtHkvfwZq4Zv4gO9ijN7Fjwc3gIxa0CiPU0
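
For triaging a stall like the one reported above, the sketch below measures how long each analysis stage ran by diffing the timestamps of consecutive "X" stage lines and flags any stage that exceeded the 100s per-logic limit the log announces. It is an added example, not part of the issue or of the qeeqbox/analyzer code; the function names `stage_durations` and `stalled_stages` are hypothetical, and the sample input is a few lines copied from the log quoted in the report.

```python
import re
from datetime import datetime

# Sample input: lines taken from the operation log quoted in the report.
SAMPLE_LOG = """\
analyzer-service-1 | 2022-08-14 03:01:34.293063 X Finding english strings
analyzer-service-1 | 2022-08-14 03:01:34.516280 X Finding phishing patterns
analyzer-service-1 | 2022-08-14 03:01:34.518208 X Finding URLs patterns
analyzer-service-1 | 2022-08-14 03:36:07.608959 X Finding IP4s patterns
analyzer-mongodb-1 | 2022-08-14T03:36:07.610+0000 I - [conn2] end connection 172.18.0.4:55576 (6 connections now open)
analyzer-service-1 | 2022-08-14 03:36:07.610510 > analyzer.intell.qbpatterns.analyze > 100s.. Timeout
analyzer-service-1 | 2022-08-14 03:36:07.614948 X Finding suspicious strings
"""

# Stage lines carry an "X" marker; ">" informational lines and the
# mongodb container's lines do not match and are skipped.
STAGE_RE = re.compile(
    r"^analyzer-service-\d+ \| "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6}) X (.+?)\s*$"
)


def stage_durations(log_text):
    """Return [(stage, seconds)], seconds being the gap to the next stage line."""
    stages = []
    for line in log_text.splitlines():
        m = STAGE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            stages.append((ts, m.group(2)))
    # The last stage has no successor, so its duration is unknown and omitted.
    return [(name, (nxt - ts).total_seconds())
            for (ts, name), (nxt, _) in zip(stages, stages[1:])]


def stalled_stages(log_text, limit_s=100.0):
    """Stages whose measured duration exceeded the per-logic limit (default 100s)."""
    return [(n, s) for n, s in stage_durations(log_text) if s > limit_s]


if __name__ == "__main__":
    for name, secs in stalled_stages(SAMPLE_LOG):
        print(f"{name}: {secs:.1f}s (limit 100s)")
```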

Hey @0x0019, thanks for opening this issue, I will take a look..