Summary

shellcode.bin

File shellcode.bin

Summary
Download Resubmit sample

Size 53.7KB
Type data
MD5 8e64f2fee2412c9cf58a58f1352cb122
SHA1 019a026db64f75b07feb1fade538c86782fec660
SHA256 8e15319c1069cab2177ad3962f64bf84c59c839d85ce84050264d6106c181191
SHA512
c0bdb9eee753d175e1e6126cd27b1f33dabfc5c3c100c1f44ddfb3b9a7f88e1c09170672437efecbefe4a0463f1a9e9e67b857656de6e91baac4b78ba4c65549
CRC32 00C3A56E
ssdeep None
Yara None matched

Score

This file shows numerous signs of malicious behavior.

The score of this file is 2.9 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis
Category Started Completed Duration Routing Logs
FILE Sept. 13, 2025, 5:56 a.m. Sept. 13, 2025, 5:57 a.m. 96 seconds internet Show Analyzer Log
Show Cuckoo Log

Analyzer Log

2025-09-13 05:55:54,011 [root] DEBUG: Starting analyzer from: /tmp/tmpJNnGfl
2025-09-13 05:55:54,011 [root] DEBUG: Storing results at: /tmp/BBeVEZw
2025-09-13 05:55:54,011 [lib.core.packages] INFO: _guess_package_name failed
2025-09-13 05:55:54,012 [lib.core.packages] INFO: data
2025-09-13 05:55:54,012 [lib.core.packages] INFO: shellcode.bin
2025-09-13 05:55:55,794 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-09-13 05:55:55,796 [modules.auxiliary.human] INFO: Human started v0.02
2025-09-13 05:55:55,799 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-09-13 05:56:00,648 [lib.core.packages] INFO: Process startup took 4.84 seconds
2025-09-13 05:56:00,650 [root] INFO: Added new process to list with pid: 2070
2025-09-13 05:56:06,662 [root] INFO: Process with pid 2070 has terminated
2025-09-13 05:56:06,663 [root] INFO: Process list is empty, terminating analysis.
2025-09-13 05:56:09,665 [lib.core.packages] INFO: Package requested stop
2025-09-13 05:56:09,666 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2025-09-13 05:56:15,011 [cuckoo.core.scheduler] INFO: Task #6968164: acquired machine Ubuntu1904x646 (label=Ubuntu1904x646)
2025-09-13 05:56:15,011 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.106 for task #6968164
2025-09-13 05:56:16,692 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1283791 (interface=vboxnet0, host=192.168.168.106)
2025-09-13 05:56:16,754 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x646
2025-09-13 05:56:18,799 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x646 to Snapshot
2025-09-13 05:56:30,807 [cuckoo.core.guest] INFO: Starting analysis #6968164 on guest (id=Ubuntu1904x646, ip=192.168.168.106)
2025-09-13 05:56:31,813 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: not ready yet
2025-09-13 05:56:36,837 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x646, ip=192.168.168.106)
2025-09-13 05:56:36,864 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x646, ip=192.168.168.106, monitor=latest, size=73219)
2025-09-13 05:56:37,092 [cuckoo.core.resultserver] DEBUG: Task #6968164: live log analysis.log initialized.
2025-09-13 05:56:42,311 [cuckoo.core.resultserver] DEBUG: Task #6968164: File upload for 'shots/0001.jpg'
2025-09-13 05:56:42,365 [cuckoo.core.resultserver] DEBUG: Task #6968164 uploaded file length: 171599
2025-09-13 05:56:52,072 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #6968164 still processing
2025-09-13 05:56:52,773 [cuckoo.core.resultserver] DEBUG: Task #6968164: File upload for 'logs/all.stap'
2025-09-13 05:56:52,777 [cuckoo.core.resultserver] DEBUG: Task #6968164 uploaded file length: 1197
2025-09-13 05:57:07,376 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #6968164 still processing
2025-09-13 05:57:22,479 [cuckoo.core.guest] DEBUG: Ubuntu1904x646: analysis #6968164 still processing
2025-09-13 05:57:37,553 [cuckoo.core.guest] INFO: Ubuntu1904x646: end of analysis reached!
2025-09-13 05:57:37,566 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-09-13 05:57:37,591 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-09-13 05:57:40,189 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x646 to path /srv/cuckoo/cwd/storage/analyses/6968164/memory.dmp
2025-09-13 05:57:40,190 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x646
2025-09-13 05:57:50,563 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.106 for task #6968164
2025-09-13 05:57:50,564 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6968164
2025-09-13 05:57:50,901 [cuckoo.core.scheduler] DEBUG: Released database task #6968164
2025-09-13 05:57:50,921 [cuckoo.core.scheduler] INFO: Task #6968164: analysis procedure completed

Signatures

File has been identified by at least one AntiVirus engine on IRMA as malicious (1 event)
Sophos Anti-Virus (Linux) ATK/DonutLdr-A
Screenshots
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.
Cuckoo

We're processing your submission... This could take a few seconds.