File ht-jupit

Size 7.8MB
Type ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=1cfc28c1871feb2b8cd7f2b32346f7b57863a01b, for GNU/Linux 3.2.0, stripped
MD5 80addee529e137894328a592be4ea153
SHA1 f2a3f37ab9efb082cf1cb3111eeedc1c68cb9390
SHA256 b11d770e423563108936db7a48f19dc2dc17024adb58560885b1b2fb804e3e6c
SHA512 8e87a35e89da5029ea019e444d861d6726010162c9fa1b7f62ddd9b40204b238bc79f674ff127c13acbee9524d2a43afa818f8710de69173fed96d73af7b697f
CRC32 C279D7AA
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.



Information on Execution

Analysis
Category Started Completed Duration Routing
FILE March 21, 2025, 3:48 p.m. March 21, 2025, 3:49 p.m. 74 seconds internet

Analyzer Log

2025-03-21 15:48:23,007 [root] DEBUG: Starting analyzer from: /tmp/tmp_Lm8Al
2025-03-21 15:48:23,007 [root] DEBUG: Storing results at: /tmp/UbSuLiED
2025-03-21 15:48:24,972 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-03-21 15:48:24,974 [modules.auxiliary.human] INFO: Human started v0.02
2025-03-21 15:48:24,975 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-03-21 15:48:30,131 [lib.core.packages] INFO: Process startup took 5.15 seconds
2025-03-21 15:48:30,132 [root] INFO: Added new process to list with pid: 2071
2025-03-21 15:49:00,184 [root] INFO: Analysis timeout hit, terminating analysis.
2025-03-21 15:49:00,184 [lib.core.packages] INFO: Package requested stop
2025-03-21 15:49:08,079 [root] INFO: Terminating remaining processes before shutdown.
2025-03-21 15:49:08,079 [root] INFO: Analysis completed.

Cuckoo Log

2025-03-21 15:48:31,434 [cuckoo.core.scheduler] INFO: Task #6144300: acquired machine Ubuntu1904x646 (label=Ubuntu1904x646)
2025-03-21 15:48:31,435 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.106 for task #6144300
2025-03-21 15:48:31,776 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1446178 (interface=vboxnet0, host=192.168.168.106)
2025-03-21 15:48:31,800 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x646
2025-03-21 15:48:32,315 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x646 to Snapshot
2025-03-21 15:48:40,145 [cuckoo.core.guest] INFO: Starting analysis #6144300 on guest (id=Ubuntu1904x646, ip=192.168.168.106)
2025-03-21 15:48:41,150 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: not ready yet
2025-03-21 15:48:46,188 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x646, ip=192.168.168.106)
2025-03-21 15:48:46,350 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x646, ip=192.168.168.106, monitor=latest, size=73219)
2025-03-21 15:48:47,300 [cuckoo.core.resultserver] DEBUG: Task #6144300: live log analysis.log initialized.
2025-03-21 15:48:52,386 [cuckoo.core.resultserver] DEBUG: Task #6144300: File upload for 'shots/0001.jpg'
2025-03-21 15:48:52,391 [cuckoo.core.resultserver] DEBUG: Task #6144300 uploaded file length: 171587
2025-03-21 15:49:04,919 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #6144300 still processing
2025-03-21 15:49:20,027 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #6144300 still processing
2025-03-21 15:49:24,396 [cuckoo.core.resultserver] DEBUG: Task #6144300: File upload for 'logs/all.stap'
2025-03-21 15:49:24,836 [cuckoo.core.resultserver] DEBUG: Task #6144300 uploaded file length: 1404755
2025-03-21 15:49:33,432 [cuckoo.core.guest] INFO: Ubuntu1904x646: analysis completed successfully
2025-03-21 15:49:33,445 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-03-21 15:49:33,477 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-03-21 15:49:34,305 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x646 to path /srv/cuckoo/cwd/storage/analyses/6144300/memory.dmp
2025-03-21 15:49:34,306 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x646
2025-03-21 15:49:44,588 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.106 for task #6144300
2025-03-21 15:49:44,591 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6144300
2025-03-21 15:49:45,375 [cuckoo.core.scheduler] DEBUG: Released database task #6144300
2025-03-21 15:49:45,413 [cuckoo.core.scheduler] INFO: Task #6144300: analysis procedure completed

Signatures

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header, Connection to IP address
suspicious_request POST http://142.93.165.203/data
Performs some HTTP requests (1 event)
request POST http://142.93.165.203/data
Sends data using the HTTP POST Method (1 event)
request POST http://142.93.165.203/data
Raised Suricata alerts (1 event)
suricata TGI HUNT Mythic Example C2 Profile Artifacts
File has been identified by 11 AntiVirus engines on IRMA as malicious (11 events)
G Data Antivirus (Windows) Virus: Gen:Variant.Trojan.Linux.Poseidon.1 (Engine A)
Avast Core Security (Linux) ELF:Poseidon-E [Rat]
C4S ClamAV (Linux) Unix.Malware.Poseidon-10005882-0
WithSecure (Linux) Trojan:W32/Generic.abch!fsmind
eScan Antivirus (Linux) Gen:Variant.Trojan.Linux.Poseidon.1(DB)
ESET Security (Windows) a variant of Linux/Poseidon.H trojan
Sophos Anti-Virus (Linux) Linux/Psdon-A
ClamAV (Linux) Unix.Malware.Poseidon-10005882-0
Bitdefender Antivirus (Linux) Gen:Variant.Trojan.Linux.Poseidon.1
Kaspersky Standard (Windows) HEUR:Trojan.Linux.Agent.lc
Emsisoft Commandline Scanner (Windows) Gen:Variant.Trojan.Linux.Poseidon.1 (B)
File has been identified by 31 AntiVirus engines on VirusTotal as malicious (31 events)
Lionic Trojan.Linux.Agent.4!c
Elastic Multi.Trojan.Mythic
CTX elf.trojan.poseidon
ALYac Gen:Variant.Trojan.Linux.Poseidon.1
VIPRE Gen:Variant.Trojan.Linux.Poseidon.1
Sangfor Backdoor.ELF.Save.Mythic
Arcabit Trojan.Trojan.Linux.Poseidon.1
Symantec Trojan Horse
ESET-NOD32 a variant of Linux/Poseidon.H
TrendMicro-HouseCall TROJ_GEN.R002C0DCL25
Avast ELF:Poseidon-E [Rat]
ClamAV Unix.Malware.Poseidon-10005882-0
Kaspersky HEUR:Trojan.Linux.Agent.lc
BitDefender Gen:Variant.Trojan.Linux.Poseidon.1
MicroWorld-eScan Gen:Variant.Trojan.Linux.Poseidon.1
Rising Trojan.Poseidon/Linux!8.14294 (TFE:1B:U7WovCJrYzQ)
Emsisoft Gen:Variant.Trojan.Linux.Poseidon.1 (B)
F-Secure Malware.LINUX/AVI.POSeidon.rrsau
TrendMicro TROJ_GEN.R002C0DCL25
Sophos Linux/Psdon-A
FireEye Gen:Variant.Trojan.Linux.Poseidon.1
Google Detected
Avira LINUX/AVI.POSeidon.rrsau
Microsoft Trojan:Linux/MythicPoseidon.A
ZoneAlarm Linux/Psdon-A
GData Gen:Variant.Trojan.Linux.Poseidon.1
Tencent Linux.Trojan.Agent.Zolw
huorong TrojanSpy/Linux.Keylogger.a
Fortinet Linux/Poseidon.H!tr
AVG ELF:Poseidon-E [Rat]
alibabacloud Trojan:Golang/Poseidon.H

Hosts
Name Response Post-Analysis Lookup
No hosts contacted.

IP Addresses
IP Address Status Action VT Location
No hosts contacted.