File phantom.arm5

Size 21.7KB
Type ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, no section header
MD5 86e5523ec38abb58f4432c59ef66d26c
SHA1 25c74a1b6e3a9b378970b166b0d133e4428f8e0b
SHA256 d21fe37a2e3b2dd99c9362d1d0728b45495b8f744342a909c43964ea0b0394db
SHA512 ec7a904920a363272f2f61e285db91f9c5e0416841243296f5506a8c5c6835fb3521234a659f13ca72582a8fd2ec5d7b793d5a935d44e160249857758f29c56c
CRC32 F3574D21
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.



Information on Execution

Analysis
Category FILE
Started May 16, 2025, 2:49 p.m.
Completed May 16, 2025, 2:56 p.m.
Duration 430 seconds
Routing internet

Analyzer Log

2025-05-16 14:24:53,012 [root] DEBUG: Starting analyzer from: /tmp/tmpO80Eb4
2025-05-16 14:24:53,013 [root] DEBUG: Storing results at: /tmp/iDfkgSeCfd
2025-05-16 14:24:54,871 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-05-16 14:24:55,373 [modules.auxiliary.human] INFO: Human started v0.02
2025-05-16 14:24:55,374 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-05-16 14:25:04,885 [lib.core.packages] INFO: Process startup took 9.51 seconds
2025-05-16 14:25:04,886 [root] INFO: Added new process to list with pid: 2068
2025-05-16 14:25:16,899 [root] INFO: Process with pid 2068 has terminated
2025-05-16 14:25:16,900 [root] INFO: Process list is empty, terminating analysis.
2025-05-16 14:25:19,903 [lib.core.packages] INFO: Package requested stop
2025-05-16 14:25:19,904 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2025-05-16 14:49:43,629 [cuckoo.core.scheduler] INFO: Task #6481398: acquired machine Ubuntu1904x647 (label=Ubuntu1904x647)
2025-05-16 14:49:43,630 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.107 for task #6481398
2025-05-16 14:49:43,943 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2811672 (interface=vboxnet0, host=192.168.168.107)
2025-05-16 14:49:43,968 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x647
2025-05-16 14:49:44,603 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x647 to Snapshot
2025-05-16 14:52:55,988 [cuckoo.core.guest] INFO: Starting analysis #6481398 on guest (id=Ubuntu1904x647, ip=192.168.168.107)
2025-05-16 14:52:56,994 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: not ready yet
2025-05-16 14:53:02,022 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x647, ip=192.168.168.107)
2025-05-16 14:53:02,053 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x647, ip=192.168.168.107, monitor=latest, size=73219)
2025-05-16 14:53:02,229 [cuckoo.core.resultserver] DEBUG: Task #6481398: live log analysis.log initialized.
2025-05-16 14:53:07,844 [cuckoo.core.resultserver] DEBUG: Task #6481398: File upload for 'shots/0001.jpg'
2025-05-16 14:53:07,904 [cuckoo.core.resultserver] DEBUG: Task #6481398 uploaded file length: 171569
2025-05-16 14:53:17,221 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: analysis #6481398 still processing
2025-05-16 14:53:29,144 [cuckoo.core.resultserver] DEBUG: Task #6481398: File upload for 'logs/all.stap'
2025-05-16 14:53:29,151 [cuckoo.core.resultserver] DEBUG: Task #6481398 uploaded file length: 198133
2025-05-16 14:53:32,671 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: analysis #6481398 still processing
2025-05-16 14:53:47,788 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: analysis #6481398 still processing
2025-05-16 14:54:02,878 [cuckoo.core.guest] INFO: Ubuntu1904x647: end of analysis reached!
2025-05-16 14:54:02,894 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-05-16 14:54:02,932 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-05-16 14:54:03,852 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x647 to path /srv/cuckoo/cwd/storage/analyses/6481398/memory.dmp
2025-05-16 14:54:03,853 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x647
2025-05-16 14:56:53,528 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.107 for task #6481398
2025-05-16 14:56:53,529 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6481398
2025-05-16 14:56:54,018 [cuckoo.core.scheduler] DEBUG: Released database task #6481398
2025-05-16 14:56:54,038 [cuckoo.core.scheduler] INFO: Task #6481398: analysis procedure completed

Signatures

File has been identified by 8 AntiVirus engines on IRMA as malicious (8 events)
Avast Core Security (Linux) ELF:Mirai-ACU [Trj]
C4S ClamAV (Linux) Unix.Trojan.Mirai-8274771-0
WithSecure (Linux) Trojan:W32/Generic.abch!fsmind
ESET Security (Windows) a variant of Linux/Mirai.AX trojan
Sophos Anti-Virus (Linux) Mal/Generic-S
DrWeb Antivirus (Linux) Linux.Siggen.9999
ClamAV (Linux) Unix.Trojan.Mirai-8274771-0
Kaspersky Standard (Windows) HEUR:Backdoor.Linux.Mirai.ba
File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)
Lionic Trojan.ELF.Mirai.4!c
Symantec Linux.Mirai!g2
ESET-NOD32 a variant of Linux/Mirai.AX
Avast ELF:Mirai-ACU [Trj]
ClamAV Unix.Trojan.Mirai-8274771-0
Kaspersky HEUR:Backdoor.Linux.Mirai.ba
Rising Backdoor.Mirai/Linux!1.BC48 (CLASSIC)
DrWeb Linux.Siggen.9999
Ikarus Backdoor.Linux.Mirai
Google Detected
Antiy-AVL Trojan[Backdoor]/Linux.Mirai.ba
Microsoft Backdoor:Linux/Mirai.AW!xp
Varist E32/Mirai.BMN
Tencent Backdoor.Linux.Mirai.waw
huorong Trojan/Linux.Mirai.g
Fortinet ELF/Mirai.AT!tr
AVG ELF:Mirai-ACU [Trj]
alibabacloud Backdoor:Linux/Mirai.534b085d
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.