File x86

Size 82.1KB
Type ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
MD5 c066f8cfb64c43af3ab91e947b84a113
SHA1 182aeda6c9cf49b7aefeb070dacec4d4a4787b95
SHA256 78ac45234d2f8e88b242746539953ef3ff348c55216a5e946dcdcbb4fb6dc6ad
SHA512 a04760c37840574bebe290651f25316fe83b9e4aa81be164bb247d164681c1ddd1b7bab7e9d412035e45e839f31a853d78791d68ef8d7247eff047907d9f7120
CRC32 11989CD1
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started Dec. 25, 2024, 8:34 p.m.
Completed Dec. 25, 2024, 8:35 p.m.
Duration 85 seconds
Routing internet

Analyzer Log

2024-12-25 20:32:56,005 [root] DEBUG: Starting analyzer from: /tmp/tmpnqPqT0
2024-12-25 20:32:56,006 [root] DEBUG: Storing results at: /tmp/DrqXhnn
2024-12-25 20:32:58,017 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2024-12-25 20:32:58,021 [modules.auxiliary.human] INFO: Human started v0.02
2024-12-25 20:32:58,023 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2024-12-25 20:33:05,854 [lib.core.packages] INFO: Process startup took 7.82 seconds
2024-12-25 20:33:05,857 [root] INFO: Added new process to list with pid: 2066
2024-12-25 20:33:14,866 [root] INFO: Process with pid 2066 has terminated
2024-12-25 20:33:14,866 [root] INFO: Process list is empty, terminating analysis.
2024-12-25 20:33:17,869 [lib.core.packages] INFO: Package requested stop
2024-12-25 20:33:17,870 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2024-12-25 20:34:09,375 [cuckoo.core.scheduler] DEBUG: Task #5695859: no machine available yet
2024-12-25 20:34:10,397 [cuckoo.core.scheduler] DEBUG: Task #5695859: no machine available yet
2024-12-25 20:34:11,419 [cuckoo.core.scheduler] DEBUG: Task #5695859: no machine available yet
2024-12-25 20:34:12,445 [cuckoo.core.scheduler] INFO: Task #5695859: acquired machine Ubuntu1904x647 (label=Ubuntu1904x647)
2024-12-25 20:34:12,446 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.107 for task #5695859
2024-12-25 20:34:12,678 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 268859 (interface=vboxnet0, host=192.168.168.107)
2024-12-25 20:34:12,703 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x647
2024-12-25 20:34:13,149 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x647 to Snapshot
2024-12-25 20:34:19,441 [cuckoo.core.guest] INFO: Starting analysis #5695859 on guest (id=Ubuntu1904x647, ip=192.168.168.107)
2024-12-25 20:34:20,461 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: not ready yet
2024-12-25 20:34:25,485 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x647, ip=192.168.168.107)
2024-12-25 20:34:25,513 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x647, ip=192.168.168.107, monitor=latest, size=73219)
2024-12-25 20:34:25,726 [cuckoo.core.resultserver] DEBUG: Task #5695859: live log analysis.log initialized.
2024-12-25 20:34:30,643 [cuckoo.core.resultserver] DEBUG: Task #5695859: File upload for 'shots/0001.jpg'
2024-12-25 20:34:30,672 [cuckoo.core.resultserver] DEBUG: Task #5695859 uploaded file length: 171580
2024-12-25 20:34:40,765 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: analysis #5695859 still processing
2024-12-25 20:34:47,607 [cuckoo.core.resultserver] DEBUG: Task #5695859: File upload for 'logs/all.stap'
2024-12-25 20:34:47,610 [cuckoo.core.resultserver] DEBUG: Task #5695859 uploaded file length: 2800
2024-12-25 20:34:55,866 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: analysis #5695859 still processing
2024-12-25 20:35:10,948 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: analysis #5695859 still processing
2024-12-25 20:35:26,043 [cuckoo.core.guest] INFO: Ubuntu1904x647: end of analysis reached!
2024-12-25 20:35:26,055 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-12-25 20:35:26,076 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-12-25 20:35:26,792 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x647 to path /srv/cuckoo/cwd/storage/analyses/5695859/memory.dmp
2024-12-25 20:35:26,794 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x647
2024-12-25 20:35:33,970 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.107 for task #5695859
2024-12-25 20:35:33,971 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 5695859
2024-12-25 20:35:34,235 [cuckoo.core.scheduler] DEBUG: Released database task #5695859
2024-12-25 20:35:34,252 [cuckoo.core.scheduler] INFO: Task #5695859: analysis procedure completed

Signatures

File has been identified by 15 AntiVirus engines on IRMA as malicious (15 events)
G Data Antivirus (Windows) Virus: Trojan.Linux.Mirai.AMTU (Engine A)
Avast Core Security (Linux) ELF:Mirai-BJH [Trj]
C4S ClamAV (Linux) Unix.Dropper.Mirai-7135925-0
F-Secure Antivirus (Linux) Exploit.EXP/ELF.Mirai.Z.A [Aquarius]
Windows Defender (Windows) Backdoor:Linux/Gafgyt.BR!MTB
Forticlient (Linux) ELF/Mirai.A!tr
Sophos Anti-Virus (Linux) Linux/DDoS-CIA
eScan Antivirus (Linux) Trojan.Linux.Mirai.AMTU(DB)
ESET Security (Windows) a variant of Linux/Mirai.CBS trojan
McAfee CLI scanner (Linux) Lnx/Mirai-FEBN
DrWeb Antivirus (Linux) Linux.Siggen.9999
ClamAV (Linux) Unix.Dropper.Mirai-7135925-0
Bitdefender Antivirus (Linux) Trojan.Linux.Mirai.AMTU
Kaspersky Standard (Windows) HEUR:Backdoor.Linux.Mirai.cw
Emsisoft Commandline Scanner (Windows) Trojan.Linux.Mirai.AMTU (B)
File has been identified by 38 AntiVirus engines on VirusTotal as malicious (38 events)
Lionic Trojan.Linux.Mirai.K!c
Elastic Linux.Trojan.Gafgyt
Cynet Malicious (score: 99)
CTX elf.trojan.mirai
Skyhigh Lnx/Mirai-FEBN!C066F8CFB64C
ALYac Trojan.Linux.Mirai.AMTU
VIPRE Trojan.Linux.Mirai.AMTU
Sangfor Suspicious.Linux.Save.a
Arcabit Trojan.Linux.Mirai.AMTU
Symantec Linux.Mirai
ESET-NOD32 a variant of Linux/Mirai.CBS
Avast ELF:Mirai-BJH [Trj]
ClamAV Unix.Dropper.Mirai-7135925-0
Kaspersky HEUR:Backdoor.Linux.Mirai.cw
BitDefender Trojan.Linux.Mirai.AMTU
MicroWorld-eScan Trojan.Linux.Mirai.AMTU
Rising Backdoor.Mirai/Linux!1.E816 (CLASSIC)
Emsisoft Trojan.Linux.Mirai.AMTU (B)
F-Secure Exploit.EXP/ELF.Mirai.Z.A
DrWeb Linux.Siggen.9999
TrendMicro TROJ_GEN.R002C0DLP24
Sophos Linux/DDoS-CIA
SentinelOne Static AI - Malicious ELF
FireEye Trojan.Linux.Mirai.AMTU
Google Detected
Avira EXP/ELF.Mirai.Z.A
Kingsoft Linux.Backdoor.elf.2023469
Microsoft Backdoor:Linux/Gafgyt.BR!MTB
Avast-Mobile ELF:Mirai-AAU [Trj]
GData Trojan.Linux.Mirai.AMTU
Varist E32/Mirai.EH.gen!Camelot
McAfee Lnx/Mirai-FEBN!C066F8CFB64C
Ikarus Trojan.Linux.Mirai
Tencent Backdoor.Linux.Mirai.wan
huorong Trojan/Linux.Tsunami.o
MaxSecure Trojan.Malware.121218.susgen
Fortinet ELF/Moobot.A!tr
AVG ELF:Mirai-BJH [Trj]

No hosts contacted.