Cuckoo Sandbox

File m68k

Summary
Download Resubmit sample

Size	89.3KB
Type	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
MD5	`be809e95e30cf1f08ea35fdacc8ee418`
SHA1	`9e9a4e547511077bda762a6ffe7511fa35aa0f5c`
SHA256	`1fa305b5646b159d7af886c8bffb8da00076f9487991c2ceec382fd7c81cc208`
SHA512	`f9718f1cdc11eb6948bd6cda9ecd62ba068a774f799b5987d1bad23f4682d1e8e05e750f7d40623dcc426fdf33f05923c8796521ed0b55a9ff62d53fdb79953c`
CRC32	`3E225DC6`
ssdeep	`None`
Yara	None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	Dec. 6, 2025, 12:09 p.m.	Dec. 6, 2025, 12:10 p.m.	57 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-12-06 12:08:55,005 [root] DEBUG: Starting analyzer from: /tmp/tmpACq88_
2025-12-06 12:08:55,006 [root] DEBUG: Storing results at: /tmp/RXLnzGYQ
2025-12-06 12:08:57,033 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-12-06 12:08:57,037 [modules.auxiliary.human] INFO: Human started v0.02
2025-12-06 12:08:57,039 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-12-06 12:09:05,901 [lib.core.packages] INFO: Process startup took 8.85 seconds
2025-12-06 12:09:05,903 [root] INFO: Added new process to list with pid: 2076
2025-12-06 12:09:14,918 [root] INFO: Process with pid 2076 has terminated
2025-12-06 12:09:14,920 [root] INFO: Process list is empty, terminating analysis.
2025-12-06 12:09:17,924 [lib.core.packages] INFO: Package requested stop
2025-12-06 12:09:17,925 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process
2025-12-06 12:09:23,256 [root] INFO: Terminating remaining processes before shutdown.
2025-12-06 12:09:23,257 [root] INFO: Analysis completed.

Cuckoo Log

2025-12-06 12:09:48,297 [cuckoo.core.scheduler] INFO: Task #7214890: acquired machine Ubuntu1904x643 (label=Ubuntu1904x643)
2025-12-06 12:09:48,297 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.103 for task #7214890
2025-12-06 12:09:48,703 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2690009 (interface=vboxnet0, host=192.168.168.103)
2025-12-06 12:09:48,728 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x643
2025-12-06 12:09:50,036 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x643 to Snapshot
2025-12-06 12:09:58,914 [cuckoo.core.guest] INFO: Starting analysis #7214890 on guest (id=Ubuntu1904x643, ip=192.168.168.103)
2025-12-06 12:09:59,986 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: not ready yet
2025-12-06 12:10:05,012 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x643, ip=192.168.168.103)
2025-12-06 12:10:05,035 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x643, ip=192.168.168.103, monitor=latest, size=73219)
2025-12-06 12:10:05,255 [cuckoo.core.resultserver] DEBUG: Task #7214890: live log analysis.log initialized.
2025-12-06 12:10:10,410 [cuckoo.core.resultserver] DEBUG: Task #7214890: File upload for 'shots/0001.jpg'
2025-12-06 12:10:10,418 [cuckoo.core.resultserver] DEBUG: Task #7214890 uploaded file length: 171480
2025-12-06 12:10:20,241 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: analysis #7214890 still processing
2025-12-06 12:10:28,196 [cuckoo.core.resultserver] DEBUG: Task #7214890: File upload for 'logs/all.stap'
2025-12-06 12:10:28,200 [cuckoo.core.resultserver] DEBUG: Task #7214890 uploaded file length: 88341
2025-12-06 12:10:35,326 [cuckoo.core.guest] INFO: Ubuntu1904x643: analysis completed successfully
2025-12-06 12:10:35,345 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-12-06 12:10:35,377 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-12-06 12:10:36,554 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x643 to path /srv/cuckoo/cwd/storage/analyses/7214890/memory.dmp
2025-12-06 12:10:36,556 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x643
2025-12-06 12:10:45,378 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.103 for task #7214890
2025-12-06 12:10:45,813 [cuckoo.core.scheduler] DEBUG: Released database task #7214890
2025-12-06 12:10:45,845 [cuckoo.core.scheduler] INFO: Task #7214890: analysis procedure completed

Signatures

File has been identified by 12 AntiVirus engine on IRMA as malicious (12 events)

G Data Antivirus (Windows)	Virus: Trojan.Linux.Mirai.1 (Engine A)
Avast Core Security (Linux)	ELF:Mirai-CVR [Trj]
C4S ClamAV (Linux)	Unix.Trojan.Mirai-6981989-0
WithSecure (Linux)	Trojan:W32/Generic.abch!mind
eScan Antivirus (Linux)	Trojan.Linux.Mirai.1(DB)
ESET Security (Windows)	a variant of Linux/Mirai_AGen.MH trojan
Sophos Anti-Virus (Linux)	Mal/Generic-S
DrWeb Antivirus (Linux)	Linux.Mirai.9739
ClamAV (Linux)	Unix.Trojan.Mirai-6981989-0
Bitdefender Antivirus (Linux)	Trojan.Linux.Mirai.1
Kaspersky Standard (Windows)	HEUR:Backdoor.Linux.Mirai.b
Emsisoft Commandline Scanner (Windows)	Trojan.Linux.Mirai.1 (B)

File has been identified by 34 AntiVirus engines on VirusTotal as malicious (34 events)

Lionic	Trojan.Linux.Mirai.K!c
Cynet	Malicious (score: 99)
CTX	elf.trojan.mirai
ALYac	Trojan.Linux.Mirai.1
VIPRE	Trojan.Linux.Mirai.1
Sangfor	Suspicious.Linux.Save.a
Arcabit	Trojan.Linux.Mirai.1
Symantec	Linux.Mirai
ESET-NOD32	Linux/Mirai_AGen.MH trojan
TrendMicro-HouseCall	Possible_MIRAI.SMLBO14
Avast	ELF:Mirai-CVR [Trj]
ClamAV	Unix.Trojan.Mirai-6981989-0
Kaspersky	HEUR:Backdoor.Linux.Mirai.b
BitDefender	Trojan.Linux.Mirai.1
MicroWorld-eScan	Trojan.Linux.Mirai.1
Rising	Backdoor.Mirai/Linux!8.13285 (CLOUD)
Emsisoft	Trojan.Linux.Mirai.1 (B)
F-Secure	Malware.ANDROID/AVE.Mirai.ypbdb
DrWeb	Linux.Mirai.9739
TrendMicro	Possible_MIRAI.SMLBO14
Sophos	Mal/Generic-S
Ikarus	Trojan.Linux.Mirai
Avast-Mobile	ELF:Mirai-VK [Trj]
Google	Detected
Avira	ANDROID/AVE.Mirai.ypbdb
Antiy-AVL	Trojan/Linux.Mirai.b
Microsoft	Backdoor:Linux/Mirai.GW!MTB
GData	Trojan.Linux.Mirai.1
Varist	E32/Mirai.DR.gen!Eldorado
AhnLab-V3	Linux/Mirai03.Exp
Tencent	Backdoor.Linux.Mirai.wba
huorong	Trojan/Linux.Mirai.s
AVG	ELF:Mirai-CVR [Trj]
alibabacloud	Backdoor:Linux/Mirai.BPP

Screenshots

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action	VT	Location
No hosts contacted.

Browser recommendation

File m68k

Summary Download Resubmit sample

Score

Feedback

Information on Execution

Analyzer Log

Cuckoo Log

Signatures

Feedback

Summary
Download Resubmit sample