File amd64

Size 470.7KB
Type ELF 64-bit LSB executable, x86-64, version 1 (SYSV), static-pie linked, stripped
MD5 7aaeb7d6f08ae9c79b908e3d3508de8b
SHA1 3a75c352ca8da0a9da141df1f8ae6fe283991f6c
SHA256 6cd3597a87d64c4071d99cb313aaee66614ffd525e009e39f651ceed2d00da6a
SHA512 7b00da931dd8a29eaec465be8298b6f3db323ecc04b2e8825c8a739fddb19843d0b735fa324a0b945241b5483f1262a9308390e2edbd2fe3fb6e7c382faea24c
CRC32 A34DFBF6
ssdeep None
Yara None matched

Score

This file shows numerous signs of malicious behavior.

The score of this file is 3.7 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.



Information on Execution

Analysis
Category FILE
Started May 26, 2025, 1:24 a.m.
Completed May 26, 2025, 1:26 a.m.
Duration 83 seconds
Routing internet

Analyzer Log

2025-05-26 01:24:48,003 [root] DEBUG: Starting analyzer from: /tmp/tmpWbpySP
2025-05-26 01:24:48,003 [root] DEBUG: Storing results at: /tmp/RkalbfFH
2025-05-26 01:24:50,253 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-05-26 01:24:50,257 [modules.auxiliary.human] INFO: Human started v0.02
2025-05-26 01:24:50,760 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-05-26 01:24:55,450 [lib.core.packages] INFO: Process startup took 4.68 seconds
2025-05-26 01:24:55,453 [root] INFO: Added new process to list with pid: 2061
2025-05-26 01:25:01,462 [root] INFO: Process with pid 2061 has terminated
2025-05-26 01:25:01,464 [root] INFO: Process list is empty, terminating analysis.
2025-05-26 01:25:04,579 [lib.core.packages] INFO: Package requested stop
2025-05-26 01:25:04,581 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2025-05-26 01:24:54,754 [cuckoo.core.scheduler] INFO: Task #6513158: acquired machine Ubuntu1904x641 (label=Ubuntu1904x641)
2025-05-26 01:24:54,754 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.101 for task #6513158
2025-05-26 01:24:55,142 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3995132 (interface=vboxnet0, host=192.168.168.101)
2025-05-26 01:24:55,177 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x641
2025-05-26 01:24:55,895 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x641 to Snapshot
2025-05-26 01:25:03,101 [cuckoo.core.guest] INFO: Starting analysis #6513158 on guest (id=Ubuntu1904x641, ip=192.168.168.101)
2025-05-26 01:25:04,106 [cuckoo.core.guest] DEBUG: Ubuntu1904x641: not ready yet
2025-05-26 01:25:09,132 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x641, ip=192.168.168.101)
2025-05-26 01:25:09,156 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x641, ip=192.168.168.101, monitor=latest, size=73219)
2025-05-26 01:25:09,415 [cuckoo.core.resultserver] DEBUG: Task #6513158: live log analysis.log initialized.
2025-05-26 01:25:14,565 [cuckoo.core.resultserver] DEBUG: Task #6513158: File upload for 'shots/0001.jpg'
2025-05-26 01:25:14,572 [cuckoo.core.resultserver] DEBUG: Task #6513158 uploaded file length: 171599
2025-05-26 01:25:17,045 [cuckoo.core.resultserver] DEBUG: Task #6513158: File upload for 'files/e3b0c44298fc1c14_root1086f3d'
2025-05-26 01:25:17,048 [cuckoo.core.resultserver] DEBUG: Task #6513158 uploaded file length: 0
2025-05-26 01:25:24,478 [cuckoo.core.guest] DEBUG: Ubuntu1904x641: analysis #6513158 still processing
2025-05-26 01:25:26,011 [cuckoo.core.resultserver] DEBUG: Task #6513158: File upload for 'logs/all.stap'
2025-05-26 01:25:26,032 [cuckoo.core.resultserver] DEBUG: Task #6513158 uploaded file length: 142337
2025-05-26 01:25:39,576 [cuckoo.core.guest] DEBUG: Ubuntu1904x641: analysis #6513158 still processing
2025-05-26 01:25:54,681 [cuckoo.core.guest] DEBUG: Ubuntu1904x641: analysis #6513158 still processing
2025-05-26 01:26:09,748 [cuckoo.core.guest] INFO: Ubuntu1904x641: end of analysis reached!
2025-05-26 01:26:09,762 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-05-26 01:26:09,786 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-05-26 01:26:10,730 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x641 to path /srv/cuckoo/cwd/storage/analyses/6513158/memory.dmp
2025-05-26 01:26:10,731 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x641
2025-05-26 01:26:18,189 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.101 for task #6513158
2025-05-26 01:26:18,190 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6513158
2025-05-26 01:26:18,471 [cuckoo.core.scheduler] DEBUG: Released database task #6513158
2025-05-26 01:26:18,490 [cuckoo.core.scheduler] INFO: Task #6513158: analysis procedure completed

Signatures

Raised Snort alerts (1 event)
  snort: ET P2P BitTorrent DHT ping request
Raised Suricata alerts (1 event)
  suricata: ET P2P BitTorrent DHT ping request
File has been identified by 2 AntiVirus engine on IRMA as malicious (2 events)
  ESET Security (Windows): a variant of Linux/TrojanDropper.Agent.U trojan
  DrWeb Antivirus (Linux): Linux.Siggen.9080

No hosts contacted.