File boatnet.x86

Size 21.0KB
Type ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
MD5 83f32c8c232e9a047bb44e64ad73124e
SHA1 d68475b31c4c1b9eff42876633446c3629214f5c
SHA256 4f033b47f5ab517ce7414cfbe15ec995a097e6189fbaf7a271e6d276fadcda23
SHA512 ddb6d1fc06b14f5a389afb8bd8bbea7d55ec5ee46531e169f0da15f1481ccc2fc2c99a6539a4756f8bcb750c83d75400e273029b8967fd4576f320f5697cc12f
CRC32 F8A5352F
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started Dec. 25, 2024, 8:58 p.m.
Completed Dec. 25, 2024, 8:59 p.m.
Duration 97 seconds
Routing internet

Analyzer Log

2024-12-25 20:56:41,000 [root] DEBUG: Starting analyzer from: /tmp/tmpY2OfUK
2024-12-25 20:56:41,001 [root] DEBUG: Storing results at: /tmp/gAvJADs
2024-12-25 20:56:42,747 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2024-12-25 20:56:42,750 [modules.auxiliary.human] INFO: Human started v0.02
2024-12-25 20:56:42,752 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2024-12-25 20:56:47,721 [lib.core.packages] INFO: Process startup took 4.96 seconds
2024-12-25 20:56:47,722 [root] INFO: Added new process to list with pid: 2068
2024-12-25 20:56:53,743 [root] INFO: Process with pid 2068 has terminated
2024-12-25 20:56:53,744 [root] INFO: Process list is empty, terminating analysis.
2024-12-25 20:56:56,747 [lib.core.packages] INFO: Package requested stop
2024-12-25 20:56:56,748 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2024-12-25 20:58:17,613 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:18,636 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:19,656 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:20,749 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:21,769 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:22,791 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:23,808 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:24,824 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:25,856 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:26,891 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:27,925 [cuckoo.core.scheduler] DEBUG: Task #5695875: no machine available yet
2024-12-25 20:58:28,953 [cuckoo.core.scheduler] INFO: Task #5695875: acquired machine Ubuntu1904x646 (label=Ubuntu1904x646)
2024-12-25 20:58:28,954 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.106 for task #5695875
2024-12-25 20:58:29,176 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 293093 (interface=vboxnet0, host=192.168.168.106)
2024-12-25 20:58:29,204 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x646
2024-12-25 20:58:29,712 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x646 to Snapshot
2024-12-25 20:58:40,133 [cuckoo.core.guest] INFO: Starting analysis #5695875 on guest (id=Ubuntu1904x646, ip=192.168.168.106)
2024-12-25 20:58:41,139 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: not ready yet
2024-12-25 20:58:46,168 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x646, ip=192.168.168.106)
2024-12-25 20:58:46,192 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x646, ip=192.168.168.106, monitor=latest, size=73219)
2024-12-25 20:58:47,432 [cuckoo.core.resultserver] DEBUG: Task #5695875: live log analysis.log initialized.
2024-12-25 20:58:52,226 [cuckoo.core.resultserver] DEBUG: Task #5695875: File upload for 'shots/0001.jpg'
2024-12-25 20:58:52,235 [cuckoo.core.resultserver] DEBUG: Task #5695875 uploaded file length: 171572
2024-12-25 20:59:01,363 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #5695875 still processing
2024-12-25 20:59:03,197 [cuckoo.core.resultserver] DEBUG: Task #5695875: File upload for 'logs/all.stap'
2024-12-25 20:59:03,200 [cuckoo.core.resultserver] DEBUG: Task #5695875 uploaded file length: 4455
2024-12-25 20:59:16,442 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #5695875 still processing
2024-12-25 20:59:31,553 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #5695875 still processing
2024-12-25 20:59:46,626 [cuckoo.core.guest] INFO: Ubuntu1904x646: end of analysis reached!
2024-12-25 20:59:46,639 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-12-25 20:59:46,666 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-12-25 20:59:47,392 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x646 to path /srv/cuckoo/cwd/storage/analyses/5695875/memory.dmp
2024-12-25 20:59:47,394 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x646
2024-12-25 20:59:54,801 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.106 for task #5695875
2024-12-25 20:59:54,802 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 5695875
2024-12-25 20:59:55,098 [cuckoo.core.scheduler] DEBUG: Released database task #5695875
2024-12-25 20:59:55,123 [cuckoo.core.scheduler] INFO: Task #5695875: analysis procedure completed

Signatures

File has been identified by 14 AntiVirus engines on IRMA as malicious (14 events)
G Data Antivirus (Windows) Virus: Trojan.Linux.GenericKDZ.177 (Engine A)
Avast Core Security (Linux) ELF:Gafgyt-KR [Trj]
C4S ClamAV (Linux) Unix.Trojan.Mirai-9955234-0
Windows Defender (Windows) Backdoor:Linux/Mirai.AW!MTB
Forticlient (Linux) ELF/Agent.AYQ!tr
Sophos Anti-Virus (Linux) Linux/DDoS-CI
eScan Antivirus (Linux) Trojan.Linux.GenericKDZ.177(DB)
ESET Security (Windows) a variant of Linux/Mirai.A trojan
McAfee CLI scanner (Linux) GenericRXTP-FV
DrWeb Antivirus (Linux) Linux.Siggen.9999
ClamAV (Linux) Unix.Trojan.Mirai-9955234-0
Bitdefender Antivirus (Linux) Trojan.Linux.GenericKDZ.177
Kaspersky Standard (Windows) HEUR:Backdoor.Linux.Mirai.h
Emsisoft Commandline Scanner (Windows) Trojan.Linux.GenericKDZ.177 (B)
File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 events)
Elastic Linux.Trojan.Gafgyt
CTX elf.trojan.generickdz
Skyhigh GenericRXTP-FV!83F32C8C232E
McAfee GenericRXTP-FV!83F32C8C232E
VIPRE Trojan.Linux.GenericKDZ.177
Sangfor Suspicious.Linux.Save.a
Arcabit Trojan.Linux.Generic.177
Symantec Linux.Mirai
ESET-NOD32 a variant of Linux/Mirai.A
Avast ELF:Gafgyt-KR [Trj]
ClamAV Unix.Trojan.Mirai-9955234-0
Kaspersky HEUR:Backdoor.Linux.Mirai.h
BitDefender Trojan.Linux.GenericKDZ.177
MicroWorld-eScan Trojan.Linux.GenericKDZ.177
Rising Backdoor.Mirai/Linux!1.DAED (CLASSIC)
Emsisoft Trojan.Linux.GenericKDZ.177 (B)
DrWeb Linux.Siggen.9999
Sophos Linux/DDoS-CI
Ikarus Trojan.Linux.Mirai
FireEye Trojan.Linux.GenericKDZ.177
Jiangmin Backdoor.Linux.aont
Google Detected
Kingsoft Linux.Backdoor.elf.2023293
Microsoft Backdoor:Linux/Mirai.AW!MTB
GData Trojan.Linux.GenericKDZ.177
Tencent Backdoor.Linux.Mirai.wan
huorong Trojan/Linux.Mirai.g
MaxSecure Trojan.Malware.121218.susgen
Fortinet ELF/Mirai.A!tr
AVG ELF:Gafgyt-KR [Trj]
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.