Analysis

Category Package Started Completed Duration Options Log
FILE elf 2019-10-09 21:52:52 2019-10-09 21:53:07 15 seconds
  • Info: Analysis failed: Unable to import package "modules.packages.elf", does not exist.
procdump = 1
2019-10-09 22:52:53,000 [root] INFO: Date set to: 10-09-19, time set to: 21:52:53, timeout set to: 200
2019-10-09 22:52:53,015 [root] DEBUG: Starting analyzer from: C:\ouawbawz
2019-10-09 22:52:53,015 [root] DEBUG: Storing results at: C:\aacbJuovA
2019-10-09 22:52:53,015 [root] DEBUG: Pipe server name: \\.\PIPE\ltOYKmjtn
2019-10-09 22:52:53,015 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-10-09 22:52:53,015 [root] INFO: Automatically selected analysis package "elf"
2019-10-09 22:52:53,015 [root] ERROR: Traceback (most recent call last):
  File "C:\ouawbawz\analyzer.py", line 1328, in <module>
    success = analyzer.run()
  File "C:\ouawbawz\analyzer.py", line 1045, in run
    "not exist.".format(package_name))
CuckooError: Unable to import package "modules.packages.elf", does not exist.

MalScore

0.0

Benign

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2019-10-09 21:52:52 2019-10-09 21:53:07

File Details

File Name 089c7572833f21cea1f637b845186a08
File Size 104155 bytes
File Type ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
MD5 089c7572833f21cea1f637b845186a08
SHA1 aa050ba6ee81576097df79a0c25eabb9abad2384
SHA256 09b53ff509d455bedf6b5a96b6cf236d2712ee1975346d7272fd8111538f1c6b
SHA512 f3e2264671da09ea7e55f519b81eb1ec54abaaa0fc858118fd402fa16f2b46dcd10a9880d6818edd0d1bdeda1011689ed90a11065698813e48896937cee47fdd
CRC32 DD55BE67
Ssdeep 1536:7NRLeTxIV123+UJZ0YvnZf7GpBkGoqj4fA/NF74:7s06nULv0
TrID
  • 100.0% (.O) ELF Executable and Linkable format (generic) (4000/1)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

No signatures
Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.
Summary

No static analysis available.
94.177.217.132:777
admin
login
guest
support
changeme
12345
123456
default
password
(null)
/bin/sh
/proc/cpuinfo
BOGOMIPS
:>%$#
%d.%d.%d.%d
%d.%d.%d.0
ogin:
assword:
ncorrect
ulti-call
REPORT %s:%s:%s
gayfgt
wget -s -U ""
> /dev/null
Failed opening raw socket.
Failed setting raw headers mode.
Invalid flag "%s"
PONG!
GETLOCALIP
My IP: %s
SCANNER
SCANNER ON | OFF
KILLATTK
Killed %d.
None Killed.
LOLNOGTFO
8.8.8.8
/proc/net/route
[cpuset]
FAILED TO CONNECT
@login guest kek
%s 2>&1
LINK CLOSED
/bin/sh
/dev/null
GCC: (GNU) 3.3.2
GCC: (GNU) 4.1.2
.symtab
.strtab
.shstrtab
.reginfo
.init
.text
.fini
.rodata
.eh_frame
.ctors
.dtors
.data
.sbss
.comment
.mdebug.abi32
initfini.c
libc/sysdeps/linux/mips/crti.S
crtstuff.c
__CTOR_LIST__
__DTOR_LIST__
__EH_FRAME_BEGIN__
__JCR_LIST__
completed.2296
p.2294
__do_global_dtors_aux
object.2349
frame_dummy
__CTOR_END__
__DTOR_END__
__FRAME_END__
__JCR_END__
__do_global_ctors_aux
libc/sysdeps/linux/mips/crtn.S
libc/sysdeps/linux/mips/crt1.S
client.c
i.4134
printchar
prints
printi
print
fdopen_pids
hextable
ipState
libc/sysdeps/linux/mips/pipe.S
__syscall_fcntl.c
__syscall_fcntl64.c
_exit.c
chdir.c
close.c
dup2.c
fork.c
getdtablesize.c
getpid.c
getrlimit.c
ioctl.c
kill.c
open.c
prctl.c
read.c
select.c
setsid.c
sigprocmask.c
time.c
vfork.c
waitpid.c
write.c
isspace.c
toupper.c
__C_ctype_b.c
__C_ctype_toupper.c
__errno_location.c
puts.c
popen.c
popen_list
_stdio.c
_stdio_streams
__stdio_mutex_initializer.3833
_fixed_buffers
_wcommit.c
fputc_unlocked.c
fputs_unlocked.c
fwrite_unlocked.c
libc/string/mips/memcpy.S
libc/string/mips/memset.S
strcat.c
strchr.c
strcmp.c
strcpy.c
strlen.c
strstr.c
strtok.c
next_start.1065
isatty.c
tcgetattr.c
ntohl.c
inet_ntoa.c
buf.2613
inet_makeaddr.c
connect.c
getsockname.c
getsockopt.c
recv.c
send.c
sendto.c
setsockopt.c
socket.c
sigaddset.c
sigempty.c
signal.c
sigsetops.c
malloc.c
initial_fa
free.c
heap_alloc.c
heap_free.c
__heap_link_free_area
__heap_link_free_area_after
rand.c
random.c
mylock
unsafe_state
randtbl
random_r.c
random_poly_info
system.c
atol.c
strtol.c
_stdlib_strto_l.c
exit.c
execl.c
sleep.c
__uClibc_main.c
__pthread_return_0
__pthread_return_void
__check_one_fd
been_there_done_that.2792
__syscall_error.c
sigaction.c
__syscall_rt_sigaction.c
execve.c
getegid.c
geteuid.c
getgid.c
getuid.c
nanosleep.c
sbrk.c
wait4.c
errno.c
fclose.c
fdopen.c
_WRITE.c
_fopen.c
_fwrite.c
_trans2w.c
_uintmaxtostr.c
fflush_unlocked.c
memchr.c
mempcpy.c
memrchr.c
strtok_r.c
strpbrk.c
inet_aton.c
abort.c
been_there_done_that
dl-support.c
brk.c
fseeko.c
fseeko64.c
_adjust_pos.c
_cs_funcs.c
rawmemchr.c
strspn.c
raise.c
llseek.c
__GI___C_ctype_toupper_data
__GI_pipe
__GI___uClibc_init
__fini_array_end
__GI_dup2
__GI___libc_fcntl
__GI_memset
__GI_write
__GI_open
__GI_fcntl
__GI_inet_ntoa_r
__GI___C_ctype_b_data
__GI_exit
__app_fini
__exit_cleanup
__GI_close
__GI_sigprocmask
__GI_kill
__GI_ioctl
__uclibc_progname
__rtld_fini
__fini_array_start
__GI_fork
__GI_getpid
__init_array_end
__stdio_init_mutex
__GI__exit
__GI_waitpid
_stdio_term
__GI_signal
__preinit_array_end
_sigintr
__GI___libc_open
_stdio_init
__init_array_start
__preinit_array_start
__GI_execve
__libc_sigaction
strcpy
__GI_fcntl64
recvLine
__GI_sigaddset
__GI___ctype_b
__GI_memchr
waitpid
getrlimit
ioctl
_stdio_openlist_use_count
__GI_initstate_r
__GI_sigaction
strtok_r
__GI_time
getgid
popen
stdout
random
_fdata
getdtablesize
__GI_h_errno
__GI___ctype_toupper
_gp_disp
putc_unlocked
connect
__GI___uClibc_fini
numpids
sigemptyset
__pthread_mutex_lock
initConnection
__sigdelset
__uClibc_fini
memrchr
geteuid
__GI_setsid
sendTCP
pclose
__bsd_signal
__GI_strpbrk
__GI_setsockopt
__libc_stack_end
__GI_fclose
_uintmaxtostr
__libc_fcntl
_h_errno
getRandomPublicIP
__ctype_b
__GI_random_r
usernames
errno
getegid
__GI_sbrk
zprintf
execve
getpid
__GI_lseek64
setstate_r
getHost
__libc_getpid
wildString
__heap_free
fcntl64
prctl
memcpy
makeRandomStr
getRandomIP
__GI_fputs_unlocked
execl
sendHTTP
creat
_stdio_openlist_dec_use
sclose
__libc_select
__GI___C_ctype_toupper
__libc_nanosleep
__pthread_mutex_init
getuid
system
malloc
isatty
sleep
__GI_atol
__GI_read
random_r
__dso_handle
__malloc_heap_lock
tcpcsum
fdpclose
socket
select
_pthread_cleanup_pop_restore
isspace
__stdio_seek
mempcpy
__GI_strcoll
__ctype_toupper
__libc_read
__GI_strchr
__malloc_heap
sigaddset
__GI_tcgetattr
__environ
makeIPPacket
sockprintf
__GI_inet_ntoa
abort
__GI_fwrite_unlocked
__GI_getgid
srandom_r
_init
__GI_setstate_r
parseHex
strtol
__libc_lseek64
rawmemchr
__GI_mempcpy
__sigaddset
nanosleep
__GI_send
h_errno
__pthread_mutex_unlock
wait4
__GI_execl
__GI_srandom_r
write
environ
fputs_unlocked
__pthread_mutex_trylock
strcat
__GI_brk
__GI_strcat
__GI_nanosleep
__GI_strtok
_stdio_openlist
inet_addr
ntohl
__GI_fseek
__deregister_frame_info
ourIP
chdir
__start
fseeko
_stdio_openlist_del_count
connectTimeout
__raise
setsockopt
bsd_signal
fseek
__GI_strcmp
setstate
memchr
__GI_toupper
__pthread_initialize_minimal
__GI_recv
__stdin
stdin
__GI_isatty
_ftext
strstr
init_rand
signal
getCores
__GI_memcpy
strcoll
_stdio_user_locking
htonl
sendto
__C_ctype_toupper
StartTheLelz
__GI___C_ctype_b
__libc_send
currentServer
__GI_getrlimit
__GI_strcpy
strtok
__GI___fputc_unlocked
__stdio_adjust_position
fdopen
gotIP
__GI_sleep
sigaction
_dl_phdr
__GI___libc_fcntl64
__uClibc_init
__GI_random
__syscall_error
__GI_getegid
__GI_wait4
__uClibc_main
__libc_close
inet_aton
index
_pthread_cleanup_push_defer
processCmd
__sigismember
__bss_start
__libc_open
getOurIP
memset
__GI_socket
listFork
__stdio_fwrite
negotiate
srand
initstate
fclose
__syscall_rt_sigaction
ntohs
sendUDP
inet_ntoa
tcgetattr
__libc_system
__GI_abort
fdpopen
strcmp
data_start
__h_errno_location
__GI_putc_unlocked
matchPrompt
__C_ctype_b_data
_stdio_fopen
_fini
__GI_chdir
__vfork
__malloc_sbrk_lock
fdgets
__GI_select
__libc_waitpid
stderr
commServer
vfork
__C_ctype_b
srandom
__GI_sendto
__GI_sigemptyset
__libc_fork
__atexit_lock
scanPid
rand_cmwc
__libc_fcntl64
getsockopt
__GI_fseeko64
fflush_unlocked
__stdio_wcommit
fwrite_unlocked
inet_ntoa_r
__pagesize
_stdio_openlist_add_lock
__GI_getdtablesize
_edata
__stdout
__GI_memrchr
__GI_fflush_unlocked
_GLOBAL_OFFSET_TABLE_
__GI_strstr
htons
__GI_strspn
initstate_r
__GI_connect
__curbrk
_dl_phnum
__errno_location
uppercase
_stdlib_strto_l
__stdio_WRITE
__GI_geteuid
__heap_alloc
__C_ctype_toupper_data
_dl_aux_init
sendJUNK
_errno
_stdio_openlist_del_lock
__GI_inet_aton
_exit
szprintf
strspn
__libc_recv
__libc_creat
strlen
lseek64
toupper
__libc_write
__GI_strtol
__GI_getuid
__GI_strtok_r
__GI_errno
__libc_sendto
__stdio_trans2w_o
__GI_vfork
strchr
__GI_rawmemchr
__GI_raise
__data_start
setsid
__GI_inet_addr
_Jv_RegisterClasses
macAddress
__GI___errno_location
fputc_unlocked
readUntil
fcntl
__GI_fdopen
__GI_atoi
_fbss
fseeko64
__register_frame_info
__GI_getsockname
close
__libc_connect
passwords
__GI_strlen
sendHOLD
mainCommSock
strpbrk
getBogos
raise
sigprocmask
__fputc_unlocked
getsockname
This file is not on VirusTotal.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 0.213 seconds )

  • 0.085 TrID
  • 0.055 CAPE
  • 0.054 TargetInfo
  • 0.007 NetworkAnalysis
  • 0.006 Strings
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.042 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 persistence_autorun
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail

Reporting ( 0.0 seconds )

Task ID 94387
Mongo ID 5d9e56c3f69fab997c67b427
Cuckoo release 1.3-CAPE