Summary

AmneziaVPN_Linux_Installer.bin

File AmneziaVPN_Linux_Installer.bin

Summary
Download Resubmit sample

Size 101.7MB
Type ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=eb876e6dac65bb27d0e585a98e22258e16aaa4d3, stripped
MD5 dfe4b209bc174003073b229e536bc1a1
SHA1 5ffb1ca1cc86daea726e9f437ccaf14cbb1f07d6
SHA256 891db55ad20dd0b83af2c0b4b3938995162147a117d816ec44db5e5f4d36d18e
SHA512
00e45c47871c7f61a6a94987bf2c9aa5af7d69409e9c338955b4db850761d7ae5b0f0b3d177a635d0bcb25510ebc9855d06f2efc3dbe48e2763d721abfef2c3a
CRC32 71023364
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • Maldoc_CVE_2017_11882 - Detects maldoc With exploit for CVE_2017_11882
  • shellcode - Matched shellcode byte patterns

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis
Category Started Completed Duration Routing Logs
FILE Dec. 6, 2025, 12:35 a.m. Dec. 6, 2025, 12:41 a.m. 331 seconds internet Show Analyzer Log
Show Cuckoo Log

Analyzer Log

2025-12-06 00:35:43,004 [root] DEBUG: Starting analyzer from: /tmp/tmp9jDX3t
2025-12-06 00:35:43,004 [root] DEBUG: Storing results at: /tmp/aVZaOpxdAp
2025-12-06 00:35:47,739 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-12-06 00:35:48,241 [modules.auxiliary.human] INFO: Human started v0.02
2025-12-06 00:35:48,243 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-12-06 00:35:53,305 [lib.core.packages] INFO: Process startup took 5.06 seconds
2025-12-06 00:35:53,307 [root] INFO: Added new process to list with pid: 2083
2025-12-06 00:36:05,326 [root] INFO: Process with pid 2083 has terminated
2025-12-06 00:36:05,327 [root] INFO: Process list is empty, terminating analysis.
2025-12-06 00:36:08,344 [lib.core.packages] INFO: Package requested stop
2025-12-06 00:36:08,345 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process
2025-12-06 00:40:39,734 [root] INFO: Terminating remaining processes before shutdown.
2025-12-06 00:40:39,735 [root] INFO: Analysis completed.

Cuckoo Log

2025-12-06 00:35:50,815 [cuckoo.core.scheduler] INFO: Task #7214719: acquired machine Ubuntu1904x642 (label=Ubuntu1904x642)
2025-12-06 00:35:50,816 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.102 for task #7214719
2025-12-06 00:35:51,171 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2330869 (interface=vboxnet0, host=192.168.168.102)
2025-12-06 00:35:51,202 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x642
2025-12-06 00:35:52,467 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x642 to Snapshot
2025-12-06 00:36:01,425 [cuckoo.core.guest] INFO: Starting analysis #7214719 on guest (id=Ubuntu1904x642, ip=192.168.168.102)
2025-12-06 00:36:02,430 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: not ready yet
2025-12-06 00:36:07,455 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x642, ip=192.168.168.102)
2025-12-06 00:36:07,478 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x642, ip=192.168.168.102, monitor=latest, size=73219)
2025-12-06 00:36:10,844 [cuckoo.core.resultserver] DEBUG: Task #7214719: live log analysis.log initialized.
2025-12-06 00:36:18,825 [cuckoo.core.resultserver] DEBUG: Task #7214719: File upload for 'shots/0001.jpg'
2025-12-06 00:36:18,854 [cuckoo.core.resultserver] DEBUG: Task #7214719 uploaded file length: 171524
2025-12-06 00:36:25,868 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:36:36,200 [cuckoo.core.resultserver] DEBUG: Task #7214719: File upload for 'logs/all.stap'
2025-12-06 00:36:36,203 [cuckoo.core.resultserver] DEBUG: Task #7214719 uploaded file length: 0
2025-12-06 00:36:40,945 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:36:56,030 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:37:11,106 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:37:26,188 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:37:41,271 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:37:56,351 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:38:11,428 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:38:26,506 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:38:41,587 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:38:56,668 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:39:11,754 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:39:26,835 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:39:41,919 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:39:57,001 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:40:12,085 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:40:27,167 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:40:42,246 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:40:57,333 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #7214719 still processing
2025-12-06 00:41:09,391 [cuckoo.core.guest] INFO: Ubuntu1904x642: analysis completed successfully
2025-12-06 00:41:09,406 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-12-06 00:41:09,436 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-12-06 00:41:10,726 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x642 to path /srv/cuckoo/cwd/storage/analyses/7214719/memory.dmp
2025-12-06 00:41:10,728 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x642
2025-12-06 00:41:19,770 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.102 for task #7214719
2025-12-06 00:41:20,107 [cuckoo.core.scheduler] DEBUG: Released database task #7214719
2025-12-06 00:41:20,128 [cuckoo.core.scheduler] INFO: Task #7214719: analysis procedure completed

Signatures

Yara rules detected for file (3 events)
description Possibly employs anti-virtualization techniques rule vmdetect
description Detects maldoc With exploit for CVE_2017_11882 rule Maldoc_CVE_2017_11882
description Matched shellcode byte patterns rule shellcode
File has been identified by 2 AntiVirus engine on IRMA as malicious (2 events)
Avast Core Security (Linux) ELF:Tun2socks-A [PUP]
WithSecure (Linux) Malware.LINUX/AVI.Agent.btkmr
File has been identified by 8 AntiVirus engines on VirusTotal as malicious (8 events)
Avast ELF:Tun2socks-A [PUP]
Cynet Malicious (score: 99)
Kaspersky not-a-virus:UDS:RiskTool.Linux.Revproxy.g
Rising Hacktool.Revproxy/Linux!8.13D09 (CLOUD)
F-Secure Malware.LINUX/AVI.Agent.btkmr
Avira LINUX/AVI.Agent.btkmr
AVG ELF:Tun2socks-A [PUP]
alibabacloud Riskware:Linux/Revproxy.g
Screenshots
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.
Cuckoo

We're processing your submission... This could take a few seconds.