Summary
kt10
File kt10
Summary
| Size | 135.1KB |
|---|---|
| Type | ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped |
| MD5 | 3e23df799fe780efd801d5c68919448c |
| SHA1 | 4cb5b88ae387d42b635904e17b422fc04140b3b7 |
| SHA256 | ac368e6deceec0f3706b444c2e495f2ae676ec1536caefd443c33873ef795e6b |
| SHA512 |
5e00c503c2d015d1e1a9f3b14849dfcacfb101f0a2c43ec5be80e09cdd9452275bafa0cff58bc218059bdde4e6b18119b6da4a0745086f51403dc7fda3579577
|
| CRC32 | 26D65320 |
| ssdeep | None |
| Yara |
|
Score
This file is very suspicious, with a score of 10 out of 10!
Please notice: The scoring system is currently still in development and should be considered an alpha feature.
Feedback
Expecting different results? Send us this analysis and we will inspect it. Click here
Information on Execution
Analysis
| Category | Started | Completed | Duration | Routing | Logs |
|---|---|---|---|---|---|
| FILE | May 14, 2025, 12:24 a.m. | May 14, 2025, 12:30 a.m. | 353 seconds | internet |
Show Analyzer Log Show Cuckoo Log |
Analyzer Log
2025-05-14 00:24:01,007 [root] DEBUG: Starting analyzer from: /tmp/tmp5QPfEN 2025-05-14 00:24:01,008 [root] DEBUG: Storing results at: /tmp/VlACHWAx 2025-05-14 00:24:02,544 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08 2025-05-14 00:24:02,546 [modules.auxiliary.human] INFO: Human started v0.02 2025-05-14 00:24:02,547 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03 2025-05-14 00:24:08,033 [lib.core.packages] INFO: Process startup took 5.47 seconds 2025-05-14 00:24:08,033 [root] INFO: Added new process to list with pid: 2068 2025-05-14 00:24:17,045 [root] INFO: Process with pid 2068 has terminated 2025-05-14 00:24:17,046 [root] INFO: Process list is empty, terminating analysis. 2025-05-14 00:24:20,086 [lib.core.packages] INFO: Package requested stop 2025-05-14 00:24:20,087 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process
Cuckoo Log
2025-05-14 00:24:17,532 [cuckoo.core.scheduler] INFO: Task #6479026: acquired machine Ubuntu1904x646 (label=Ubuntu1904x646) 2025-05-14 00:24:17,533 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.106 for task #6479026 2025-05-14 00:24:17,870 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1339315 (interface=vboxnet0, host=192.168.168.106) 2025-05-14 00:24:17,918 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x646 2025-05-14 00:24:18,512 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x646 to Snapshot 2025-05-14 00:26:26,622 [cuckoo.core.guest] INFO: Starting analysis #6479026 on guest (id=Ubuntu1904x646, ip=192.168.168.106) 2025-05-14 00:26:27,629 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: not ready yet 2025-05-14 00:26:32,711 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x646, ip=192.168.168.106) 2025-05-14 00:26:32,739 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x646, ip=192.168.168.106, monitor=latest, size=73219) 2025-05-14 00:26:32,994 [cuckoo.core.resultserver] DEBUG: Task #6479026: live log analysis.log initialized. 2025-05-14 00:26:37,678 [cuckoo.core.resultserver] DEBUG: Task #6479026: File upload for 'shots/0001.jpg' 2025-05-14 00:26:37,689 [cuckoo.core.resultserver] DEBUG: Task #6479026 uploaded file length: 171607 2025-05-14 00:26:48,067 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #6479026 still processing 2025-05-14 00:26:52,081 [cuckoo.core.resultserver] DEBUG: Task #6479026: File upload for 'logs/all.stap' 2025-05-14 00:26:52,084 [cuckoo.core.resultserver] DEBUG: Task #6479026 uploaded file length: 61012 2025-05-14 00:27:03,181 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #6479026 still processing 2025-05-14 00:27:18,271 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #6479026 still processing 2025-05-14 00:27:33,352 [cuckoo.core.guest] INFO: Ubuntu1904x646: end of analysis reached! 2025-05-14 00:27:33,366 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks 2025-05-14 00:27:33,395 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer 2025-05-14 00:27:34,249 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x646 to path /srv/cuckoo/cwd/storage/analyses/6479026/memory.dmp 2025-05-14 00:27:34,250 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x646 2025-05-14 00:30:09,302 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.106 for task #6479026 2025-05-14 00:30:09,303 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6479026 2025-05-14 00:30:11,336 [cuckoo.core.scheduler] DEBUG: Released database task #6479026 2025-05-14 00:30:11,358 [cuckoo.core.scheduler] INFO: Task #6479026: analysis procedure completed
Signatures
| description | Detects Mirai Botnet Malware | rule | Mirai_Botnet_Malware | ||||||
| description | Detects ELF malware Mirai related | rule | MAL_ELF_LNX_Mirai_Oct10_2 | ||||||
| description | Detection for Mirai Linux DDOS bot | rule | CrowdStrike_CSIT_16121_01 | ||||||
| snort | ETPRO POLICY Observed DNS Query to Dynamic DNS Service |
| snort | ET INFO DYNAMIC_DNS Query to a *.dns .army Domain |
| snort | ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain |
| suricata | ETPRO INFO Observed DNS Query to Dynamic DNS Service |
| suricata | ET DYN_DNS DYNAMIC_DNS Query to a *.dns .army Domain |
| suricata | ET DROP Spamhaus DROP Listed Traffic Inbound group 22 |
| suricata | ET DYN_DNS DYNAMIC_DNS Query to a *.dynv6 .net Domain |
| G Data Antivirus (Windows) | Virus: Gen:Variant.Trojan.Linux.Gafgyt.8 (Engine A) |
| Avast Core Security (Linux) | ELF:Mirai-A [Trj] |
| C4S ClamAV (Linux) | C4S.MALWARE.SHA256.AUTOGEN.64081694.UNOFFICIAL |
| Trellix (Linux) | Linux/Mirai.f trojan |
| WithSecure (Linux) | Trojan:W32/Generic.abch!fsmind |
| eScan Antivirus (Linux) | Gen:Variant.Trojan.Linux.Gafgyt.8(DB) |
| ESET Security (Windows) | a variant of Linux/Mirai.A trojan |
| Sophos Anti-Virus (Linux) | Linux/DDoS-CI |
| DrWeb Antivirus (Linux) | Linux.Siggen.9999 |
| ClamAV (Linux) | Unix.Trojan.Mirai-7100807-0 |
| Bitdefender Antivirus (Linux) | Gen:Variant.Trojan.Linux.Gafgyt.8 |
| Kaspersky Standard (Windows) | HEUR:Backdoor.Linux.Mirai.hw |
| Emsisoft Commandline Scanner (Windows) | Gen:Variant.Trojan.Linux.Gafgyt.8 (B) |
| Lionic | Trojan.Linux.Mirai.K!c |
| Cynet | Malicious (score: 99) |
| CTX | elf.trojan.mirai |
| Skyhigh | Linux/Mirai.f |
| ALYac | Gen:Variant.Trojan.Linux.Gafgyt.8 |
| VIPRE | Gen:Variant.Trojan.Linux.Gafgyt.8 |
| Sangfor | Suspicious.Linux.Save.a |
| K7GW | Trojan ( 0040f1971 ) |
| Arcabit | Trojan.Trojan.Linux.Gafgyt.8 |
| Symantec | Linux.Mirai |
| ESET-NOD32 | a variant of Linux/Mirai.A |
| TrendMicro-HouseCall | Possible_MIRAI.SMLBD1 |
| Avast | ELF:Mirai-A [Trj] |
| ClamAV | Unix.Trojan.Mirai-7100807-0 |
| Kaspersky | HEUR:Backdoor.Linux.Mirai.hw |
| BitDefender | Gen:Variant.Trojan.Linux.Gafgyt.8 |
| NANO-Antivirus | Trojan.Elf32.Mirai.kxhrqx |
| MicroWorld-eScan | Gen:Variant.Trojan.Linux.Gafgyt.8 |
| Rising | Backdoor.Mirai/Linux!1.B311 (CLASSIC) |
| Emsisoft | Gen:Variant.Trojan.Linux.Gafgyt.8 (B) |
| F-Secure | Malware.LINUX/Mirai.bonb |
| DrWeb | Linux.Siggen.9999 |
| TrendMicro | Possible_MIRAI.SMLBD1 |
| Sophos | Linux/DDoS-CI |
| Ikarus | Trojan.Linux.Mirai |
| Avast-Mobile | ELF:Mirai-DN [Trj] |
| Detected | |
| Avira | LINUX/Mirai.bonb |
| Antiy-AVL | Trojan[Backdoor]/Linux.Mirai.hw |
| Gridinsoft | Susp.U.XOREncoded.sd!yf |
| Microsoft | Backdoor:Linux/Gafgyt.P!MTB |
| ZoneAlarm | Linux/DDoS-CI |
| GData | Gen:Variant.Trojan.Linux.Gafgyt.8 |
| Varist | E32/Mirai.G.gen!Camelot |
| AhnLab-V3 | Linux/Mirai.Gen2 |
| McAfee | Linux/Mirai.f |
| Tencent | Backdoor.Linux.Mirai.wbc |
| huorong | Trojan/Linux.Mirai.g |
| MaxSecure | Trojan.Malware.121218.susgen |
| Fortinet | ELF/Mirai.A!tr |
| AVG | ELF:Mirai-A [Trj] |
| alibabacloud | Trojan:Linux/Mirai.AHE |
Screenshots
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action | VT | Location |
|---|---|---|---|---|
| No hosts contacted. | ||||
