Analysis

Category Package Started Completed Duration
FILE elf 2019-11-08 21:50:23 2019-11-08 21:50:38 15 seconds
  • Info: Analysis failed: Unable to import package "modules.packages.elf", does not exist.
Options: procdump = 1
Log:
2019-11-08 21:50:24,000 [root] INFO: Date set to: 11-08-19, time set to: 21:50:24, timeout set to: 200
2019-11-08 21:50:24,000 [root] DEBUG: Starting analyzer from: C:\qfpsvay
2019-11-08 21:50:24,000 [root] DEBUG: Storing results at: C:\nYmwJFYPm
2019-11-08 21:50:24,000 [root] DEBUG: Pipe server name: \\.\PIPE\yuklBZkXvT
2019-11-08 21:50:24,000 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-11-08 21:50:24,000 [root] INFO: Automatically selected analysis package "elf"
2019-11-08 21:50:24,000 [root] ERROR: Traceback (most recent call last):
  File "C:\qfpsvay\analyzer.py", line 1332, in <module>
    success = analyzer.run()
  File "C:\qfpsvay\analyzer.py", line 1047, in run
    "not exist.".format(package_name))
CuckooError: Unable to import package "modules.packages.elf", does not exist.

MalScore

0.0

Benign

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2019-11-08 21:50:23 2019-11-08 21:50:38

File Details

File Name f71e9bb3b27567dd4076f234523ec5f0
File Size 71504 bytes
File Type ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
MD5 f71e9bb3b27567dd4076f234523ec5f0
SHA1 8291efbfa25ab2883336d5b8361335aaceb1e0e8
SHA256 401ae7f71bfd16f5343c2ab6396e8e3e9e6c1ac29a1d0467b6bf102d01bbfbfd
SHA512 df29c0d851d98bec1cb728d145da22768ae4cd949948fa17683b62705188c5f9ba71efed909f7481d583a57a619a7b72e4255d51041a1bac69ebffdebb2b0bce
CRC32 2A5E9E6A
Ssdeep 1536:IaOa6jRkqgYIeBKFL7TA0gSI25NbgRreLPclELldjaPUu:IaumqgreBKFLnA0gMsRrQxdjacu
TrID
  • 50.1% (.) ELF Executable and Linkable format (Linux) (4025/14)
  • 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
ClamAV None matched
Yara
  • shellcode_get_eip - Match x86 that appears to fetch $PC.
CAPE Yara None matched

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

No static analysis available.
POST /cdn-cgi/
User-Agent:
Host:
Cookie:
/proc/net/tcp
/proc/net/tcp6
/var/hosts
iptables -F
Content-Length:
Content-Length:
http://
./do & 2>&1
iptables exec failed
/dev/watchdog
/dev/misc/watchdog
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 23 -j DROP
http://blog.sina.com.cn/s/blog_16ddc602c0102xha2.html
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
abcdefghijklmnopqrstuvw012345678
enter
assword
/bin/sh
/dev/null
.shstrtab
.init
.text
.fini
.rodata
.ctors
.dtors
.data
This file is not on VirusTotal.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Comments

No comments posted

Processing ( 0.265 seconds )

  • 0.115 TrID
  • 0.074 CAPE
  • 0.059 TargetInfo
  • 0.007 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.004 Strings
  • 0.001 Debug

Signatures ( 0.048 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 modify_proxy
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name

Reporting ( 0.0 seconds )

Task ID 108521
Mongo ID 5dc5e3326d82384e386a21ee
Cuckoo release 1.3-CAPE