File arm

Size 42.3KB
Type ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
MD5 98b060382ec51fe2c71646b599956cd1
SHA1 45aba69f5bf3204eb3467c8e45dcf367d2a27b14
SHA256 2f66b28645b910c0fcb7a751e9a0dad86fd2be825d07f45dd6ab086ec2eeafc0
SHA512 82b275afbbad49990d562e446db3f4f75760e01a275f5e59046205836c80ceea988bff6644f8f584f6a3cefe4ad83d90179c1d9ec6753d269e9968b2be73d358
CRC32 8CF70F5E
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category Started Completed Duration Routing
FILE Dec. 25, 2024, 9:04 p.m. Dec. 25, 2024, 9:05 p.m. 82 seconds internet

Analyzer Log

2024-12-25 21:04:05,006 [root] DEBUG: Starting analyzer from: /tmp/tmpRpAXT5
2024-12-25 21:04:05,006 [root] DEBUG: Storing results at: /tmp/JZoGhXyEG
2024-12-25 21:04:07,267 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2024-12-25 21:04:07,270 [modules.auxiliary.human] INFO: Human started v0.02
2024-12-25 21:04:07,773 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2024-12-25 21:04:12,344 [lib.core.packages] INFO: Process startup took 4.57 seconds
2024-12-25 21:04:12,345 [root] INFO: Added new process to list with pid: 2057
2024-12-25 21:04:18,354 [root] INFO: Process with pid 2057 has terminated
2024-12-25 21:04:18,355 [root] INFO: Process list is empty, terminating analysis.
2024-12-25 21:04:21,359 [lib.core.packages] INFO: Package requested stop
2024-12-25 21:04:21,361 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2024-12-25 21:04:10,955 [cuckoo.core.scheduler] INFO: Task #5695876: acquired machine Ubuntu1904x645 (label=Ubuntu1904x645)
2024-12-25 21:04:10,956 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.105 for task #5695876
2024-12-25 21:04:11,196 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 300138 (interface=vboxnet0, host=192.168.168.105)
2024-12-25 21:04:11,233 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x645
2024-12-25 21:04:11,842 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x645 to Snapshot
2024-12-25 21:04:18,638 [cuckoo.core.guest] INFO: Starting analysis #5695876 on guest (id=Ubuntu1904x645, ip=192.168.168.105)
2024-12-25 21:04:19,643 [cuckoo.core.guest] DEBUG: Ubuntu1904x645: not ready yet
2024-12-25 21:04:24,671 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x645, ip=192.168.168.105)
2024-12-25 21:04:24,698 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x645, ip=192.168.168.105, monitor=latest, size=73219)
2024-12-25 21:04:24,925 [cuckoo.core.resultserver] DEBUG: Task #5695876: live log analysis.log initialized.
2024-12-25 21:04:30,095 [cuckoo.core.resultserver] DEBUG: Task #5695876: File upload for 'shots/0001.jpg'
2024-12-25 21:04:30,112 [cuckoo.core.resultserver] DEBUG: Task #5695876 uploaded file length: 171570
2024-12-25 21:04:39,903 [cuckoo.core.guest] DEBUG: Ubuntu1904x645: analysis #5695876 still processing
2024-12-25 21:04:41,298 [cuckoo.core.resultserver] DEBUG: Task #5695876: File upload for 'logs/all.stap'
2024-12-25 21:04:41,307 [cuckoo.core.resultserver] DEBUG: Task #5695876 uploaded file length: 51092
2024-12-25 21:04:54,989 [cuckoo.core.guest] DEBUG: Ubuntu1904x645: analysis #5695876 still processing
2024-12-25 21:05:10,096 [cuckoo.core.guest] DEBUG: Ubuntu1904x645: analysis #5695876 still processing
2024-12-25 21:05:25,218 [cuckoo.core.guest] INFO: Ubuntu1904x645: end of analysis reached!
2024-12-25 21:05:25,230 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-12-25 21:05:25,246 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-12-25 21:05:25,889 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x645 to path /srv/cuckoo/cwd/storage/analyses/5695876/memory.dmp
2024-12-25 21:05:25,891 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x645
2024-12-25 21:05:32,959 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.105 for task #5695876
2024-12-25 21:05:32,960 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 5695876
2024-12-25 21:05:33,254 [cuckoo.core.scheduler] DEBUG: Released database task #5695876
2024-12-25 21:05:33,272 [cuckoo.core.scheduler] INFO: Task #5695876: analysis procedure completed

Signatures

File has been identified by 12 AntiVirus engines on IRMA as malicious (12 events)
G Data Antivirus (Windows) Virus: Trojan.Linux.GenericKD.38638 (Engine A)
Avast Core Security (Linux) ELF:Mirai-COW [Trj]
F-Secure Antivirus (Linux) Malware.ANDROID/AVE.Mirai.caaqd [Aquarius]
Windows Defender (Windows) Backdoor:Linux/Mirai.JN!MTB
Forticlient (Linux) Linux/Mirai.CGF!tr
Sophos Anti-Virus (Linux) Mal/Generic-S
eScan Antivirus (Linux) Trojan.Linux.GenericKD.38638(DB)
ESET Security (Windows) a variant of Linux/Mirai.CGF trojan
DrWeb Antivirus (Linux) Linux.Mirai.8814
Bitdefender Antivirus (Linux) Trojan.Linux.GenericKD.38638
Kaspersky Standard (Windows) HEUR:Backdoor.Linux.Mirai.gen
Emsisoft Commandline Scanner (Windows) Trojan.Linux.GenericKD.38638 (B)
File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)
Lionic Trojan.Linux.Mirai.K!c
Elastic Linux.Generic.Threat
Cynet Malicious (score: 99)
CTX elf.trojan.mirai
Skyhigh Artemis!Trojan
ALYac Trojan.Linux.GenericKD.38638
VIPRE Trojan.Linux.GenericKD.38638
Sangfor Backdoor.Linux.Mirai.Vsd5
Arcabit Trojan.Linux.Generic.D96EE
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Linux/Mirai.CGF
TrendMicro-HouseCall TROJ_GEN.R002C0DLF24
Avast ELF:Mirai-COW [Trj]
Kaspersky HEUR:Backdoor.Linux.Mirai.gen
BitDefender Trojan.Linux.GenericKD.38638
MicroWorld-eScan Trojan.Linux.GenericKD.38638
Rising Backdoor.Mirai/Linux!1.11724 (CLASSIC)
Emsisoft Trojan.Linux.GenericKD.38638 (B)
F-Secure Malware.ANDROID/AVE.Mirai.caaqd
DrWeb Linux.Mirai.8814
TrendMicro TROJ_GEN.R002C0DLF24
Sophos Mal/Generic-S
Ikarus Trojan.Linux.Mirai
FireEye Trojan.Linux.GenericKD.38638
Google Detected
Avira ANDROID/AVE.Mirai.caaqd
Antiy-AVL Trojan[Backdoor]/Linux.Mirai.jn
Kingsoft Linux.Backdoor.Mirai.gen
Microsoft Backdoor:Linux/Mirai.JN!MTB
Avast-Mobile ELF:Mirai-COW [Trj]
GData Trojan.Linux.GenericKD.38638
Varist E32/Mirai.J.gen!Eldorado
Tencent Linux.Backdoor.Mirai.Wwhl
huorong Trojan/Linux.Mirai.am
Fortinet Linux/Mirai.CGF!tr
AVG ELF:Mirai-COW [Trj]
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.