File 02.08.2022.exe

Size 124.4KB
Type data
MD5 472f37fee3ad0bd32dad01cdcbebf8e8
SHA1 e7b50594c16b6aa04113f0d2ad8effbcd31d3800
SHA256 8c51abf73a6da059b9287d8190bbfddaf5e41ee86f443878472c35dda6be0db0
SHA512 5d6b5f7ffa77d01664929b5899bb303207fb908328cc9d90364b3562662f1525f5a33274bbbc485cbcab0b9b94cd440295be0f3752b685f76581f9ced49aa28c
CRC32 32F65232
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 8.6 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started June 15, 2025, 11:13 a.m.
Completed June 15, 2025, 11:14 a.m.
Duration 93 seconds
Routing internet

Analyzer Log

2025-06-15 11:13:08,001 [root] DEBUG: Starting analyzer from: /tmp/tmp3QTJ_O
2025-06-15 11:13:08,002 [root] DEBUG: Storing results at: /tmp/NBLyit
2025-06-15 11:13:08,002 [lib.core.packages] INFO: _guess_package_name failed
2025-06-15 11:13:08,002 [lib.core.packages] INFO: data
2025-06-15 11:13:08,002 [lib.core.packages] INFO: 02.08.2022.exe
2025-06-15 11:13:10,213 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-06-15 11:13:10,716 [modules.auxiliary.human] INFO: Human started v0.02
2025-06-15 11:13:10,718 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-06-15 11:13:15,466 [lib.core.packages] INFO: Process startup took 4.74 seconds
2025-06-15 11:13:15,474 [root] INFO: Added new process to list with pid: 2055
2025-06-15 11:13:21,485 [root] INFO: Process with pid 2055 has terminated
2025-06-15 11:13:21,487 [root] INFO: Process list is empty, terminating analysis.
2025-06-15 11:13:24,488 [lib.core.packages] INFO: Package requested stop
2025-06-15 11:13:24,489 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2025-06-15 11:13:10,897 [cuckoo.core.scheduler] INFO: Task #6556641: acquired machine Ubuntu1904x645 (label=Ubuntu1904x645)
2025-06-15 11:13:10,897 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.105 for task #6556641
2025-06-15 11:13:11,098 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1355056 (interface=vboxnet0, host=192.168.168.105)
2025-06-15 11:13:11,146 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x645
2025-06-15 11:13:11,458 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x645 to Snapshot
2025-06-15 11:13:29,600 [cuckoo.core.guest] INFO: Starting analysis #6556641 on guest (id=Ubuntu1904x645, ip=192.168.168.105)
2025-06-15 11:13:30,606 [cuckoo.core.guest] DEBUG: Ubuntu1904x645: not ready yet
2025-06-15 11:13:35,633 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x645, ip=192.168.168.105)
2025-06-15 11:13:35,657 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x645, ip=192.168.168.105, monitor=latest, size=73219)
2025-06-15 11:13:35,938 [cuckoo.core.resultserver] DEBUG: Task #6556641: live log analysis.log initialized.
2025-06-15 11:13:41,513 [cuckoo.core.resultserver] DEBUG: Task #6556641: File upload for 'shots/0001.jpg'
2025-06-15 11:13:41,522 [cuckoo.core.resultserver] DEBUG: Task #6556641 uploaded file length: 171556
2025-06-15 11:13:50,855 [cuckoo.core.guest] DEBUG: Ubuntu1904x645: analysis #6556641 still processing
2025-06-15 11:13:52,443 [cuckoo.core.resultserver] DEBUG: Task #6556641: File upload for 'logs/all.stap'
2025-06-15 11:13:52,446 [cuckoo.core.resultserver] DEBUG: Task #6556641 uploaded file length: 1201
2025-06-15 11:14:05,938 [cuckoo.core.guest] DEBUG: Ubuntu1904x645: analysis #6556641 still processing
2025-06-15 11:14:21,019 [cuckoo.core.guest] DEBUG: Ubuntu1904x645: analysis #6556641 still processing
2025-06-15 11:14:36,091 [cuckoo.core.guest] INFO: Ubuntu1904x645: end of analysis reached!
2025-06-15 11:14:36,105 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-06-15 11:14:36,125 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-06-15 11:14:36,688 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x645 to path /srv/cuckoo/cwd/storage/analyses/6556641/memory.dmp
2025-06-15 11:14:36,689 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x645
2025-06-15 11:14:43,656 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.105 for task #6556641
2025-06-15 11:14:43,656 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6556641
2025-06-15 11:14:43,971 [cuckoo.core.scheduler] DEBUG: Released database task #6556641
2025-06-15 11:14:44,004 [cuckoo.core.scheduler] INFO: Task #6556641: analysis procedure completed

Signatures

File has been identified by 8 AntiVirus engines on IRMA as malicious (8 events)
G Data Antivirus (Windows) Virus: Trojan.Shellcode.11.Gen (Engine A)
Trend Micro SProtect (Linux) Trojan.Win32.COBALT.SMD.hp
eScan Antivirus (Linux) Trojan.Shellcode.11.Gen(DB)
Sophos Anti-Virus (Linux) ATK/Cobalt-D
DrWeb Antivirus (Linux) BackDoor.Meterpreter.152
Bitdefender Antivirus (Linux) Trojan.Shellcode.11.Gen
Kaspersky Standard (Windows) HEUR:Trojan.Win64.CobaltStrike.gen
Emsisoft Commandline Scanner (Windows) Trojan.Shellcode.11.Gen (B)

No hosts contacted.