File skid.mipsel

Size 173.7KB
Type ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
MD5 1ed7269312d6bb9b940743c077bd83aa
SHA1 7fc56f70dc9207e2f4670ae263df5b7255a57291
SHA256 014bce445349169798dfc0f8c7629964d3e2b2f40eb299c6ef5220b3651bf5d4
SHA512 d7435704c1063a129bb092440717b89278a8ba003aaf18e06bbfcd9f9546c37b514ad0fa4ed07a4922626662cb82a8f7cf785ce18939065e88ad52b9eee332be
CRC32 EF38366F
ssdeep None
Yara None matched

Score

This file shows numerous signs of malicious behavior.

The score of this file is 3.7 out of 10.

Please note: The scoring system is still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started April 18, 2025, 4:52 a.m.
Completed April 18, 2025, 4:53 a.m.
Duration 51 seconds
Routing internet

Analyzer Log

2025-04-18 04:52:13,005 [root] DEBUG: Starting analyzer from: /tmp/tmpjnqqgn
2025-04-18 04:52:13,005 [root] DEBUG: Storing results at: /tmp/FumqxWked
2025-04-18 04:52:15,147 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-04-18 04:52:15,651 [modules.auxiliary.human] INFO: Human started v0.02
2025-04-18 04:52:15,652 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-04-18 04:52:20,840 [lib.core.packages] INFO: Process startup took 5.18 seconds
2025-04-18 04:52:20,845 [root] INFO: Added new process to list with pid: 2077
2025-04-18 04:52:26,856 [root] INFO: Process with pid 2077 has terminated
2025-04-18 04:52:26,858 [root] INFO: Process list is empty, terminating analysis.
2025-04-18 04:52:27,863 [lib.common.results] ERROR: Exception uploading file /tmp/qemu-open.oDkNXw to host: [Errno 2] No such file or directory: '/tmp/qemu-open.oDkNXw'
2025-04-18 04:52:29,862 [lib.core.packages] INFO: Package requested stop
2025-04-18 04:52:29,863 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process
2025-04-18 04:52:38,440 [root] INFO: Terminating remaining processes before shutdown.
2025-04-18 04:52:38,440 [root] INFO: Analysis completed.

Cuckoo Log

2025-04-18 04:52:48,413 [cuckoo.core.scheduler] INFO: Task #6297998: acquired machine Ubuntu1904x642 (label=Ubuntu1904x642)
2025-04-18 04:52:48,414 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.102 for task #6297998
2025-04-18 04:52:48,776 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2967107 (interface=vboxnet0, host=192.168.168.102)
2025-04-18 04:52:48,802 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x642
2025-04-18 04:52:49,324 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x642 to Snapshot
2025-04-18 04:52:56,341 [cuckoo.core.guest] INFO: Starting analysis #6297998 on guest (id=Ubuntu1904x642, ip=192.168.168.102)
2025-04-18 04:52:57,347 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: not ready yet
2025-04-18 04:53:02,373 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x642, ip=192.168.168.102)
2025-04-18 04:53:02,395 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x642, ip=192.168.168.102, monitor=latest, size=73219)
2025-04-18 04:53:02,606 [cuckoo.core.resultserver] DEBUG: Task #6297998: live log analysis.log initialized.
2025-04-18 04:53:08,784 [cuckoo.core.resultserver] DEBUG: Task #6297998: File upload for 'shots/0001.jpg'
2025-04-18 04:53:08,847 [cuckoo.core.resultserver] DEBUG: Task #6297998 uploaded file length: 171593
2025-04-18 04:53:11,243 [cuckoo.core.resultserver] DEBUG: Task #6297998: File upload for 'files/014bce4453491697_sudo'
2025-04-18 04:53:11,256 [cuckoo.core.resultserver] DEBUG: Task #6297998 uploaded file length: 177848
2025-04-18 04:53:17,480 [cuckoo.core.resultserver] DEBUG: Task #6297998: File upload for 'files/e3b0c44298fc1c14_qemu-open.oDkNXw'
2025-04-18 04:53:17,482 [cuckoo.core.resultserver] DEBUG: Task #6297998 uploaded file length: 0
2025-04-18 04:53:17,566 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: analysis #6297998 still processing
2025-04-18 04:53:19,483 [cuckoo.core.resultserver] DEBUG: Task #6297998: File upload for 'logs/all.stap'
2025-04-18 04:53:19,753 [cuckoo.core.resultserver] DEBUG: Task #6297998 uploaded file length: 2063008
2025-04-18 04:53:29,728 [cuckoo.core.guest] INFO: Ubuntu1904x642: analysis completed successfully
2025-04-18 04:53:29,750 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-04-18 04:53:29,797 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-04-18 04:53:30,776 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x642 to path /srv/cuckoo/cwd/storage/analyses/6297998/memory.dmp
2025-04-18 04:53:30,779 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x642
2025-04-18 04:53:38,638 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.102 for task #6297998
2025-04-18 04:53:39,300 [cuckoo.core.scheduler] DEBUG: Released database task #6297998
2025-04-18 04:53:39,318 [cuckoo.core.scheduler] INFO: Task #6297998: analysis procedure completed

Signatures

Raised Snort alerts (2 events)
snort ET DNS Query for .su TLD (Soviet Union) Often Malware Related
snort ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
Raised Suricata alerts (2 events)
suricata ET DNS Query for .su TLD (Soviet Union) Often Malware Related
suricata ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
File has been identified by 2 AntiVirus engine on IRMA as malicious (2 events)
Avast Core Security (Linux) ELF:Mirai-CQT [Trj]
DrWeb Antivirus (Linux) Linux.Mirai.8587
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.