File AmneziaVPN_Linux_Installer.bin

Size 101.7MB
Type ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=eb876e6dac65bb27d0e585a98e22258e16aaa4d3, stripped
MD5 dfe4b209bc174003073b229e536bc1a1
SHA1 5ffb1ca1cc86daea726e9f437ccaf14cbb1f07d6
SHA256 891db55ad20dd0b83af2c0b4b3938995162147a117d816ec44db5e5f4d36d18e
SHA512 00e45c47871c7f61a6a94987bf2c9aa5af7d69409e9c338955b4db850761d7ae5b0f0b3d177a635d0bcb25510ebc9855d06f2efc3dbe48e2763d721abfef2c3a
CRC32 71023364
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • Maldoc_CVE_2017_11882 - Detects maldoc With exploit for CVE_2017_11882
  • shellcode - Matched shellcode byte patterns

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

7214719

Information on Execution

Analysis
Category FILE
Started Dec. 6, 2025, 12:50 a.m.
Completed Dec. 6, 2025, 12:51 a.m.
Duration 37 seconds
Routing internet

Analyzer Log

2025-12-06 00:50:23,005 [root] DEBUG: Starting analyzer from: /tmp/tmpZMfmYP
2025-12-06 00:50:23,006 [root] DEBUG: Storing results at: /tmp/CtZDWCju
2025-12-06 00:50:23,007 [root] ERROR: Traceback (most recent call last):
  File "/tmp/tmpZMfmYP/analyzer.py", line 340, in <module>
    success = analyzer.run()
  File "/tmp/tmpZMfmYP/analyzer.py", line 129, in run
    self.config.file_name, **kwargs)
  File "/tmp/tmpZMfmYP/lib/core/packages.py", line 42, in choose_package_class
    "exist.".format(name))
Exception: Unable to import package "reboot": it does not exist.

Cuckoo Log

2025-12-06 00:50:37,544 [cuckoo.core.scheduler] INFO: Task #7214721: acquired machine Ubuntu1904x642 (label=Ubuntu1904x642)
2025-12-06 00:50:37,545 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.102 for task #7214721
2025-12-06 00:50:37,982 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2350494 (interface=vboxnet0, host=192.168.168.102)
2025-12-06 00:50:38,011 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x642
2025-12-06 00:50:39,446 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x642 to Snapshot
2025-12-06 00:50:48,787 [cuckoo.core.guest] INFO: Starting analysis #7214721 on guest (id=Ubuntu1904x642, ip=192.168.168.102)
2025-12-06 00:50:49,792 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: not ready yet
2025-12-06 00:50:54,821 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x642, ip=192.168.168.102)
2025-12-06 00:50:54,845 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x642, ip=192.168.168.102, monitor=latest, size=73219)
2025-12-06 00:50:54,902 [cuckoo.auxiliary.reboot] INFO: Preparing task #7214721 for a reboot analysis..
2025-12-06 00:50:59,085 [cuckoo.core.resultserver] DEBUG: Task #7214721: live log analysis.log initialized.
2025-12-06 00:51:01,982 [cuckoo.core.guest] INFO: Ubuntu1904x642: analysis completed successfully
2025-12-06 00:51:01,995 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-12-06 00:51:02,029 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-12-06 00:51:03,246 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x642 to path /srv/cuckoo/cwd/storage/analyses/7214721/memory.dmp
2025-12-06 00:51:03,246 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x642
2025-12-06 00:51:11,926 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.102 for task #7214721
2025-12-06 00:51:12,289 [cuckoo.core.scheduler] DEBUG: Released database task #7214721
2025-12-06 00:51:12,307 [cuckoo.core.scheduler] INFO: Task #7214721: analysis procedure completed

Signatures

Yara rules detected for file (3 events)
  • vmdetect - Possibly employs anti-virtualization techniques
  • Maldoc_CVE_2017_11882 - Detects maldoc With exploit for CVE_2017_11882
  • shellcode - Matched shellcode byte patterns

File has been identified by 2 AntiVirus engines on IRMA as malicious (2 events)
  • Avast Core Security (Linux) - ELF:Tun2socks-A [PUP]
  • WithSecure (Linux) - Malware.LINUX/AVI.Agent.btkmr

File has been identified by 8 AntiVirus engines on VirusTotal as malicious (8 events)
  • Avast - ELF:Tun2socks-A [PUP]
  • Cynet - Malicious (score: 99)
  • Kaspersky - not-a-virus:UDS:RiskTool.Linux.Revproxy.g
  • Rising - Hacktool.Revproxy/Linux!8.13D09 (CLOUD)
  • F-Secure - Malware.LINUX/AVI.Agent.btkmr
  • Avira - LINUX/AVI.Agent.btkmr
  • AVG - ELF:Tun2socks-A [PUP]
  • alibabacloud - Riskware:Linux/Revproxy.g

Screenshots
No screenshots available.
No hosts contacted.