Analysis

Category: FILE
Package: elf
Started: 2019-10-09 21:29:18
Completed: 2019-10-09 21:29:33
Duration: 15 seconds
Info: Analysis failed: Unable to import package "modules.packages.elf", does not exist.
Options: procdump = 1
Log:
2019-10-09 22:29:18,000 [root] INFO: Date set to: 10-09-19, time set to: 21:29:18, timeout set to: 200
2019-10-09 22:29:18,015 [root] DEBUG: Starting analyzer from: C:\ulews
2019-10-09 22:29:18,015 [root] DEBUG: Storing results at: C:\ysFVQr
2019-10-09 22:29:18,015 [root] DEBUG: Pipe server name: \\.\PIPE\maLLRqGQXF
2019-10-09 22:29:18,015 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-10-09 22:29:18,015 [root] INFO: Automatically selected analysis package "elf"
2019-10-09 22:29:18,015 [root] ERROR: Traceback (most recent call last):
  File "C:\ulews\analyzer.py", line 1328, in <module>
    success = analyzer.run()
  File "C:\ulews\analyzer.py", line 1045, in run
    "not exist.".format(package_name))
CuckooError: Unable to import package "modules.packages.elf", does not exist.
Traceback (most recent call last):
  File "C:\ulews\analyzer.py", line 1328, in <module>
    success = analyzer.run()
  File "C:\ulews\analyzer.py", line 1045, in run
    "not exist.".format(package_name))
CuckooError: Unable to import package "modules.packages.elf", does not exist.

MalScore

0.0

Benign

Machine

Name: target-01
Label: target-01
Manager: ESX
Started On: 2019-10-09 21:29:18
Shutdown On: 2019-10-09 21:29:33

File Details

File Name 732f5aef77987f6a4255c07d5acdc997
File Size 28706 bytes
File Type ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), dynamically linked (uses shared libs), not stripped
MD5 732f5aef77987f6a4255c07d5acdc997
SHA1 2460a4b2eb0ca39b2107550a1cb6cbafec11cc05
SHA256 1e98a52c0deb02bede208d37d8758dd99ec3afa4412bb5ddc4e426c10900f803
SHA512 963860131f9404002c49d92953f3706a2bd7a32dd3709040537016d0054cc7b584182eca4e7458776dec599dbe3ab64b236185ae79bef81a0e9f1a6171e3875f
CRC32 3722D844
Ssdeep 768:/EAMxuWeBrQlr8hRo45d+O0ClGpKdGy4Du:/E0Ulrko45d+OzlGIdbOu
TrID
  • 100.0% (.O) ELF Executable and Linkable format (generic) (4000/1)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

No static analysis available.

Strings

/lib/ld-uClibc.so.0
__deregister_frame_info
__register_frame_info
_Jv_RegisterClasses
_init
_fini
__uClibc_main
strwildmatch
toupper
vsprintf
strlen
write
inet_addr
gethostbyname
bcopy
disabled
numpids
malloc
memset
fopen
fgets
filter
memcpy
fclose
socket
htons
listen
accept
select
ident
mfork
bzero
connect
getpid
host2ip
ioctl
sendto
adminuser1
strcasecmp
strncpy
flooders
spoofsm
spoofs
makestring
strcpy
strcat
changeservers
numservers
server
__errno_location
setsockopt
sleep
getcwd
strcmp
fputs
getppid
srand
waitpid
strtok
unknown
killsec
_PRIVMSG
_PING
libc.so.0
_DYNAMIC_LINKING
__RLD_MAP
_GLOBAL_OFFSET_TABLE_
_ftext
_fdata
_edata
__bss_start
_fbss
ff4Bfg
23.95.43.182
/usr/dict/words
+stop
+unknown
Kkt9x4JApM0RuSqCLA
PRIVMSG
/etc/rc.d/rc.local
/etc/rc.conf
/usr/bin/sshd
Remote
Remote IRC Bot
#hoho
ERROR
GCC: (GNU) 3.3.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 3.3.2
.symtab
.strtab
.shstrtab
.interp
.reginfo
.dynamic
.hash
.dynsym
.dynstr
.init
.text
.MIPS.stubs
.fini
.rodata
.eh_frame
.ctors
.dtors
.data
.rld_map
.sbss
.comment
.mdebug.abi32
crtstuff.c
__CTOR_LIST__
__DTOR_LIST__
__EH_FRAME_BEGIN__
__JCR_LIST__
completed.2296
p.2294
__do_global_dtors_aux
object.2349
frame_dummy
initfini.c
libc/sysdeps/linux/mips/crti.S
__CTOR_END__
__DTOR_END__
__FRAME_END__
__JCR_END__
__do_global_ctors_aux
libc/sysdeps/linux/mips/crtn.S
libc/sysdeps/linux/mips/crt1.S
Kaitenstd.c
textBuffer.4074
i.4086
_DYNAMIC
unknown
strcpy
waitpid
ioctl
vsprintf
_fdata
_gp_disp
connect
numpids
adminuser1
identd
_DYNAMIC_LINKING
ident
servers
getpid
killsec
fgets
mfork
memcpy
malloc
sleep
__dso_handle
socket
select
disabled
bzero
_init
accept
server
write
spoofs
udpTry
strcat
inet_addr
__deregister_frame_info
__start
makestring
setsockopt
spoofsm
_ftext
filter
strncpy
strcasecmp
sendto
_PRIVMSG
prefix
__RLD_MAP
bcopy
strtok
listen
__uClibc_main
fopen
__bss_start
memset
srand
fclose
getppid
host2ip
strcmp
data_start
getcwd
gethostbyname
_fini
sprintf
numservers
changeservers
strwildmatch
_edata
_GLOBAL_OFFSET_TABLE_
htons
__errno_location
_PING
strlen
toupper
fputs
__data_start
_Jv_RegisterClasses
flooders
_fbss
__register_frame_info
close
4@4@4
This file is not on VirusTotal.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.


Processing ( 0.146 seconds )

  • 0.084 TrID
  • 0.024 CAPE
  • 0.024 TargetInfo
  • 0.007 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug
  • 0.001 Strings

Signatures ( 0.045 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 modify_proxy
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail

Reporting ( 0.0 seconds )

Task ID 94384
Mongo ID 5d9e513fc3c009112d67b3d5
Cuckoo release 1.3-CAPE