ScreenShot
| Created | 2021.04.13 10:26 | Machine | s1_win7_x6402 |
| Filename | loligang.spc | ||
| Type | ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 38 detected (Unix, Mirai, Linux, Save, Camelot, a variant of Linux, SMBEM, Malicious, score, ckta, bonb, ai score=81, ASELF, Encoded, Gen10, CLASSIC, Gafgyt, susgen) | ||
| md5 | 1e73cf9148d10aef910af3800a6330af | ||
| sha256 | 455e624cacd6251288643472fd0395d095f797c015cfa196317345681a26f345 | ||
| ssdeep | 1536:vsnCSemCLLWeKNJ+1kbOSYcpC636v/bcYSZBFFi:rS1+SYccv/gp/i | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_files_operation | Affect private profile | memory |
