Report - kitten

ScreenShot

Info
Location map


Created	2021.04.23 10:54	Machine	s1_win7_x6401
Filename	kitten
Type	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped
AI Score	Not founds	Behavior Score	3.8
ZERO API	file : malware
VT API (file)	29 detected (Linux, Save, CoinMiner, Camelot, a variant of Linux, MALXMR, SMDSL64, BitCoinMiner, Multios, Miner, RiskTool, Elf64, iikikh, Wnwf, Malware@#2mjk2per7sf2m, Tool, BtcMine, gshxy, ai score=99, G76WI3, Malicious, score, Gen2, HackTool, XMRMiner, CLASSIC)
md5	60b5637b9b22819fab90982f01a36d25
sha256	b50a6cd058bc0161b847c553b6631e55d5f6dd69e2d2e78f82938aeb6ba4dd26
ssdeep	98304:+WQHP39EyyizGj3j/jM8MMM8MMMMMwMMwbvUvUvkGjrGjDjS62ivVI+Vpv5bDr99:uOyCjp9Fb2HXOB4SlMpDC
imphash
impfuzzy

Network IP location

Signature (8cnts)

Level	Description
warning	File has been identified by 29 AntiVirus engines on VirusTotal as malicious
watch	Attempts to modify browser security settings
watch	Harvests credentials from local email clients
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger

Rules (10cnts)

Level	Name	Description	Collection
info	anti_dbg	Checks if being debugged	memory
info	DebuggerCheck__GlobalFlags	(no description)	memory
info	DebuggerCheck__QueryInfo	(no description)	memory
info	DebuggerHiding__Active	(no description)	memory
info	DebuggerHiding__Thread	(no description)	memory
info	disable_dep	Bypass DEP	memory
info	OS_Processor_Check_Zero	OS Processor Check Signature Zero	binaries (upload)
info	SEH__vectored	(no description)	memory
info	ThreadControl__Context	(no description)	memory
info	win_files_operation	Affect private profile	memory

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure