File mirai.arm5n

Size 56.1KB
Type ELF 32-bit LSB executable, ARM, version 1 (ARM), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
MD5 d80dbe6ec2f070c4e68d4cdbf047d45d
SHA1 c783afe3cc79723743874de01ff9aae452f61862
SHA256 18c0af918db4211e114992f95313f45943acd1c6a513384a3bc2b8c8db451ca0
SHA512 87f815ef69d0718ec07d6409b7bc8677d33977b27eb6b1b01469bebf2ccfaf46edbb27850c53fda540b7f0fbbd61560173e02a40e706bb79082a955df40a7adb
CRC32 2E943B5E
ssdeep None
Yara
  • Mirai_Botnet_Malware - Detects Mirai Botnet Malware
  • MAL_ELF_LNX_Mirai_Oct10_2 - Detects ELF malware Mirai related
  • CrowdStrike_CSIT_16121_01 - Detection for Mirai Linux DDOS bot

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started July 6, 2025, 1:23 p.m.
Completed July 6, 2025, 1:24 p.m.
Duration 85 seconds
Routing internet

Analyzer Log

2025-07-06 13:23:02,028 [root] DEBUG: Starting analyzer from: /tmp/tmp0o0e3z
2025-07-06 13:23:02,029 [root] DEBUG: Storing results at: /tmp/SrHdmNmp
2025-07-06 13:23:04,067 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-07-06 13:23:04,569 [modules.auxiliary.human] INFO: Human started v0.02
2025-07-06 13:23:04,571 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-07-06 13:23:13,019 [lib.core.packages] INFO: Process startup took 8.44 seconds
2025-07-06 13:23:13,021 [root] INFO: Added new process to list with pid: 2082
2025-07-06 13:23:22,038 [root] INFO: Process with pid 2082 has terminated
2025-07-06 13:23:22,039 [root] INFO: Process list is empty, terminating analysis.
2025-07-06 13:23:25,045 [lib.core.packages] INFO: Package requested stop
2025-07-06 13:23:25,046 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2025-07-06 13:23:17,622 [cuckoo.core.scheduler] INFO: Task #6658939: acquired machine Ubuntu1904x643 (label=Ubuntu1904x643)
2025-07-06 13:23:17,622 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.103 for task #6658939
2025-07-06 13:23:18,000 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1010085 (interface=vboxnet0, host=192.168.168.103)
2025-07-06 13:23:18,032 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x643
2025-07-06 13:23:18,688 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x643 to Snapshot
2025-07-06 13:23:26,470 [cuckoo.core.guest] INFO: Starting analysis #6658939 on guest (id=Ubuntu1904x643, ip=192.168.168.103)
2025-07-06 13:23:27,476 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: not ready yet
2025-07-06 13:23:32,518 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x643, ip=192.168.168.103)
2025-07-06 13:23:32,547 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x643, ip=192.168.168.103, monitor=latest, size=73219)
2025-07-06 13:23:33,903 [cuckoo.core.resultserver] DEBUG: Task #6658939: live log analysis.log initialized.
2025-07-06 13:23:39,601 [cuckoo.core.resultserver] DEBUG: Task #6658939: File upload for 'shots/0001.jpg'
2025-07-06 13:23:39,655 [cuckoo.core.resultserver] DEBUG: Task #6658939 uploaded file length: 171485
2025-07-06 13:23:47,762 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: analysis #6658939 still processing
2025-07-06 13:23:56,960 [cuckoo.core.resultserver] DEBUG: Task #6658939: File upload for 'logs/all.stap'
2025-07-06 13:23:56,965 [cuckoo.core.resultserver] DEBUG: Task #6658939 uploaded file length: 23456
2025-07-06 13:24:02,954 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: analysis #6658939 still processing
2025-07-06 13:24:18,045 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: analysis #6658939 still processing
2025-07-06 13:24:33,134 [cuckoo.core.guest] INFO: Ubuntu1904x643: end of analysis reached!
2025-07-06 13:24:33,145 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-06 13:24:33,171 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-06 13:24:34,185 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x643 to path /srv/cuckoo/cwd/storage/analyses/6658939/memory.dmp
2025-07-06 13:24:34,186 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x643
2025-07-06 13:24:42,166 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.103 for task #6658939
2025-07-06 13:24:42,167 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6658939
2025-07-06 13:24:42,527 [cuckoo.core.scheduler] DEBUG: Released database task #6658939
2025-07-06 13:24:42,542 [cuckoo.core.scheduler] INFO: Task #6658939: analysis procedure completed

Signatures

Yara rules detected for file (3 events)
rule Mirai_Botnet_Malware - description: Detects Mirai Botnet Malware
rule MAL_ELF_LNX_Mirai_Oct10_2 - description: Detects ELF malware Mirai related
rule CrowdStrike_CSIT_16121_01 - description: Detection for Mirai Linux DDOS bot
File has been identified by 13 AntiVirus engines on IRMA as malicious (13 events)
G Data Antivirus (Windows) Virus: Trojan.Linux.Mirai.1 (Engine A), Linux.Trojan.Mirai.B (Engine B)
Avast Core Security (Linux) ELF:Mirai-ADI [Trj]
C4S ClamAV (Linux) Unix.Trojan.Mirai-7100807-0
Trellix (Linux) Linux/Mirai.a trojan
WithSecure (Linux) Malware.LINUX/Mirai.bonb
eScan Antivirus (Linux) Trojan.Linux.Mirai.1(DB)
ESET Security (Windows) a variant of Linux/Mirai.A trojan
Sophos Anti-Virus (Linux) Linux/DDoS-CI
DrWeb Antivirus (Linux) Linux.Siggen.9999
ClamAV (Linux) Unix.Trojan.Mirai-7100807-0
Bitdefender Antivirus (Linux) Trojan.Linux.Mirai.1
Kaspersky Standard (Windows) HEUR:Backdoor.Linux.Mirai.n
Emsisoft Commandline Scanner (Windows) Trojan.Linux.Mirai.1 (B)
File has been identified by 39 AntiVirus engines on VirusTotal as malicious (39 events)
Lionic Trojan.ELF.Mirai.4!c
Cynet Malicious (score: 99)
CTX elf.trojan.mirai
Skyhigh Linux/Mirai.a
ALYac Trojan.Linux.Mirai.1
VIPRE Trojan.Linux.Mirai.1
Sangfor Suspicious.Linux.Save.a
Arcabit Trojan.Linux.Mirai.1
Symantec Linux.Mirai
ESET-NOD32 a variant of Linux/Mirai.A
TrendMicro-HouseCall Possible_MIRAI.SMLB6
Avast ELF:Mirai-ADI [Trj]
ClamAV Unix.Trojan.Mirai-7100807-0
Kaspersky HEUR:Backdoor.Linux.Mirai.n
BitDefender Trojan.Linux.Mirai.1
MicroWorld-eScan Trojan.Linux.Mirai.1
Rising Backdoor.Mirai/Linux!1.AA81 (CLASSIC)
Emsisoft Trojan.Linux.Mirai.1 (B)
F-Secure Malware.LINUX/Mirai.bonb
DrWeb Linux.Siggen.9999
TrendMicro Possible_MIRAI.SMLB6
Sophos Linux/DDoS-CI
Ikarus Backdoor.Linux.Mirai
Avast-Mobile ELF:Mirai-DN [Trj]
Google Detected
Avira LINUX/Mirai.bonb
Kingsoft Linux.Backdoor.Mirai.n
Gridinsoft Susp.U.XOREncoded.sd!yf
Microsoft Backdoor:Linux/Mirai.AW!xp
ZoneAlarm Linux/DDoS-CI
GData Linux.Trojan.Mirai.B
Varist E32/Mirai.BC.gen!Camelot
AhnLab-V3 Linux/Mirai.Gen
Tencent Backdoor.Linux.Mirai.waw
TrellixENS Linux/Mirai.a
huorong Trojan/Linux.Mirai.g
MaxSecure Trojan.Malware.121218.susgen
Fortinet Linux/Mirai.A!tr
AVG ELF:Mirai-ADI [Trj]
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.