Summary | ZeroBOX

ns3.jpg

ELF
Category FILE
Machine s1_win7_x6403_us
Started Oct. 16, 2023, 10:55 a.m.
Completed Oct. 16, 2023, 11:16 a.m.
Size 49.5KB
Type ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=35832871cca94970e54175a56e51862b855729db, not stripped
MD5 f394ecfbd02494369cd4cca7a70059fa
SHA256 9701ae7249aa394624bf33096e3f5dd2be0bb778debba3364f5277a50874cc31
CRC32 1D684604
ssdeep 1536:s74JwfL5zuNOOgHn9kR16Utxp3fCFUutbbT:i3L5zuNNgHCCFUsvT
Yara
  • IsELF - Executable and Linking Format executable file (Linux/Unix)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Lionic Trojan.Linux.Tsunami.4!c
Elastic Linux.Trojan.Tsunami
MicroWorld-eScan Generic.Malware.GJIRTFg.06A56C72
FireEye Generic.Malware.GJIRTFg.06A56C72
McAfee RDN/Generic BackDoor
VIPRE Generic.Malware.GJIRTFg.06A56C72
Sangfor Suspicious.Linux.Save.a
K7GW Trojan ( 0040f0e01 )
Symantec Linux.Backdoor.Kaiten
ESET-NOD32 a variant of Linux/Tsunami.NAL
Cynet Malicious (score: 99)
Kaspersky HEUR:Backdoor.Linux.Tsunami.bh
BitDefender Generic.Malware.GJIRTFg.06A56C72
NANO-Antivirus Trojan.Elf64.Tsunami.jybodq
Tencent Backdoor.Linux.Tsunami.x
F-Secure Malware.LINUX/Flooder.ciszq
DrWeb Linux.Siggen.9999
Sophos Linux/Tsunami-A
Ikarus Trojan.Linux.Tsunami
Varist E64/ABRisk.GGAT-5
Avira LINUX/Flooder.ciszq
Antiy-AVL Trojan/Linux.Tsunami.a
Kingsoft Script.Ks.Malware.3227
Arcabit Generic.Malware.GJIRTFg.06A56C72
ZoneAlarm HEUR:Backdoor.Linux.Tsunami.bh
Avast-Mobile ELF:Tsunami-FN [Trj]
Google Detected
AhnLab-V3 Linux/Tsunami.Gen
ALYac Generic.Malware.GJIRTFg.06A56C72
MAX malware (ai score=82)
Rising Backdoor.Tsunami/Linux!1.A1B2 (CLASSIC)
SentinelOne Static AI - Malicious ELF
Fortinet ELF/Katien.R!tr