File boatnet.sh4

Size 49.0KB
Type ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
MD5 ee31a9d6a5801e7e979c92ce043991a9
SHA1 9a95f23e0faac2754ab939597f1484c46d6b0b7d
SHA256 949724f31cc39ef0aacf8e96fa39e5722d51a1beb6cf2ad71dadc0687336facd
SHA512 7fad476db20bc47f62ae42ccb689e0c914f821a46270e64982e028c564d174d85516020f9515be7e9a9c6099981a5bc54d33cf583f576ccdbb9977fbcc3c7be6
CRC32 A478DD73
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started Dec. 25, 2024, 8:57 p.m.
Completed Dec. 25, 2024, 8:59 p.m.
Duration 109 seconds
Routing internet

Analyzer Log

2024-12-25 20:56:39,006 [root] DEBUG: Starting analyzer from: /tmp/tmpAMhDFE
2024-12-25 20:56:39,007 [root] DEBUG: Storing results at: /tmp/hLAKHvI
2024-12-25 20:56:40,925 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2024-12-25 20:56:40,929 [modules.auxiliary.human] INFO: Human started v0.02
2024-12-25 20:56:41,432 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2024-12-25 20:56:46,551 [lib.core.packages] INFO: Process startup took 5.11 seconds
2024-12-25 20:56:46,554 [root] INFO: Added new process to list with pid: 3846
2024-12-25 20:56:52,563 [root] INFO: Process with pid 3846 has terminated
2024-12-25 20:56:52,564 [root] INFO: Process list is empty, terminating analysis.
2024-12-25 20:56:55,568 [lib.core.packages] INFO: Package requested stop
2024-12-25 20:56:55,569 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2024-12-25 20:57:59,797 [cuckoo.core.scheduler] DEBUG: Task #5695873: no machine available yet
2024-12-25 20:58:25,633 [cuckoo.core.scheduler] INFO: Task #5695873: acquired machine Ubuntu1904x644 (label=Ubuntu1904x644)
2024-12-25 20:58:25,634 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.104 for task #5695873
2024-12-25 20:58:25,900 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 292950 (interface=vboxnet0, host=192.168.168.104)
2024-12-25 20:58:25,922 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x644
2024-12-25 20:58:26,405 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x644 to Snapshot
2024-12-25 20:58:34,869 [cuckoo.core.guest] INFO: Starting analysis #5695873 on guest (id=Ubuntu1904x644, ip=192.168.168.104)
2024-12-25 20:58:35,875 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: not ready yet
2024-12-25 20:58:40,901 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x644, ip=192.168.168.104)
2024-12-25 20:58:40,927 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x644, ip=192.168.168.104, monitor=latest, size=73219)
2024-12-25 20:58:41,147 [cuckoo.core.resultserver] DEBUG: Task #5695873: live log analysis.log initialized.
2024-12-25 20:58:48,613 [cuckoo.core.resultserver] DEBUG: Task #5695873: File upload for 'shots/0001.jpg'
2024-12-25 20:58:48,622 [cuckoo.core.resultserver] DEBUG: Task #5695873 uploaded file length: 171572
2024-12-25 20:58:56,122 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: analysis #5695873 still processing
2024-12-25 20:58:57,731 [cuckoo.core.resultserver] DEBUG: Task #5695873: File upload for 'logs/all.stap'
2024-12-25 20:58:57,740 [cuckoo.core.resultserver] DEBUG: Task #5695873 uploaded file length: 64891
2024-12-25 20:59:11,205 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: analysis #5695873 still processing
2024-12-25 20:59:26,309 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: analysis #5695873 still processing
2024-12-25 20:59:41,386 [cuckoo.core.guest] INFO: Ubuntu1904x644: end of analysis reached!
2024-12-25 20:59:41,401 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-12-25 20:59:41,427 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-12-25 20:59:42,090 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x644 to path /srv/cuckoo/cwd/storage/analyses/5695873/memory.dmp
2024-12-25 20:59:42,092 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x644
2024-12-25 20:59:49,223 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.104 for task #5695873
2024-12-25 20:59:49,224 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 5695873
2024-12-25 20:59:49,505 [cuckoo.core.scheduler] DEBUG: Released database task #5695873
2024-12-25 20:59:49,522 [cuckoo.core.scheduler] INFO: Task #5695873: analysis procedure completed

Signatures

File has been identified by 15 AntiVirus engines on IRMA as malicious (15 events)
G Data Antivirus (Windows) Virus: Trojan.Linux.Generic.374900 (Engine A)
Avast Core Security (Linux) ELF:Agent-AYQ [Trj]
C4S ClamAV (Linux) Unix.Dropper.Mirai-7136013-0
F-Secure Antivirus (Linux) Exploit.EXP/ELF.Gafgyt.D [Aquarius]
Windows Defender (Windows) Backdoor:Linux/Gafgyt.P!MTB
Forticlient (Linux) Linux/Mirai.IZ1H9!tr
Sophos Anti-Virus (Linux) Linux/DDoS-CI
eScan Antivirus (Linux) Trojan.Linux.Generic.374900(DB)
ESET Security (Windows) a variant of Linux/Mirai.A trojan
McAfee CLI scanner (Linux) Linux/Mirai-FROZ
DrWeb Antivirus (Linux) Linux.Siggen.9999
ClamAV (Linux) Unix.Dropper.Mirai-7136013-0
Bitdefender Antivirus (Linux) Trojan.Linux.Generic.374900
Kaspersky Standard (Windows) HEUR:Backdoor.Linux.Mirai.cw
Emsisoft Commandline Scanner (Windows) Trojan.Linux.Generic.374900 (B)
File has been identified by 41 AntiVirus engines on VirusTotal as malicious (41 events)
Elastic Linux.Trojan.Gafgyt
Cynet Malicious (score: 99)
CTX elf.trojan.generic
Skyhigh Linux/Mirai-FROZ!EE31A9D6A580
ALYac Trojan.Linux.Generic.374900
VIPRE Trojan.Linux.Generic.374900
Sangfor Suspicious.Linux.Save.a
Arcabit Trojan.Linux.Generic.D5B874
VirIT Linux.Mirai.T
Symantec Linux.Mirai
ESET-NOD32 a variant of Linux/Mirai.A
TrendMicro-HouseCall Possible_MIRAI.SMLBO13
Avast ELF:Agent-AYQ [Trj]
ClamAV Unix.Dropper.Mirai-7136013-0
Kaspersky HEUR:Backdoor.Linux.Mirai.cw
BitDefender Trojan.Linux.Generic.374900
MicroWorld-eScan Trojan.Linux.Generic.374900
Rising Backdoor.Mirai/Linux!1.DAED (CLASSIC)
Emsisoft Trojan.Linux.Generic.374900 (B)
F-Secure Exploit.EXP/ELF.Gafgyt.D
DrWeb Linux.Siggen.9999
TrendMicro Possible_MIRAI.SMLBO13
Sophos Linux/DDoS-CI
Ikarus Trojan.Linux.Mirai
FireEye Trojan.Linux.Generic.374900
Jiangmin Backdoor.Linux.hzja
Google Detected
Avira EXP/ELF.Gafgyt.D
Antiy-AVL Trojan[Backdoor]/Linux.Mirai.cw
Kingsoft ELF.Troj.2024053
Microsoft Backdoor:Linux/Gafgyt.P!MTB
Avast-Mobile ELF:Gafgyt-KS [Trj]
GData Trojan.Linux.Generic.374900
Varist E32/Mirai.EH.gen!Camelot
AhnLab-V3 Linux/Mirai.Gen35
McAfee Linux/Mirai-FROZ!EE31A9D6A580
Tencent Backdoor.Linux.Mirai.wbc
huorong Trojan/Linux.Mirai.g
MaxSecure Trojan.Malware.121218.susgen
Fortinet Linux/Mirai.IZ1H9!tr
AVG ELF:Agent-AYQ [Trj]
No hosts contacted.