Field | Value
---|---
Created | 2023.03.05 07:28
Machine | s1_win7_x6403_us
Filename | i
Type | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
AI Score | Not found
Behavior Score | 
ZERO API | file : malware
VT API (file) | 
md5 | d533e4a1985ee9df9eb60e8bc4e0904d
sha256 | 606d278b2e75119296bf48721ae72deec87912742ce4d9920bf565521de4dcb0
ssdeep | 6144:p3lOYoaja8xzx/0wsxzSiOabE5wKSDP99zBa77oNsKqqfPqOJ:p1CG/jsxzXOabEDSDP99zBa/HKqoPqOJ
imphash | 
impfuzzy | 
Network IP location
Signature (8 counts)
Level | Description
---|---
watch | Communicates with host for which no DNS query was performed |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | An application raised an exception which may be indicative of an exploit crash |
notice | Performs some HTTP requests |
notice | Uses Windows utilities for basic Windows functionality |
notice | Yara rule detected in process memory |
info | One or more processes crashed |
Rules (12 counts)
Level | Name | Description | Collection
---|---|---|---
danger | Eir_D1000_Wireless_Router_Vulnerability_Zero | Eir D1000 Wireless Router - WAN Side Remote Command Injection | binaries (download) |
danger | Mozi_botnet_IoT_malware | Mozi botnet IoT malware | binaries (download) |
watch | SUSP_ELF_LNX_UPX_Compressed_File | Detects a suspicious ELF binary with UPX compression | binaries (download) |
info | anti_dbg | Checks if being debugged | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsELF | Executable and Linking Format executable file (Linux/Unix) | binaries (download) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
Suricata IDS
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Executable and linking format (ELF) file download
ET INFO TLS Handshake Failure
ET POLICY Executable and linking format (ELF) file download
ET INFO TLS Handshake Failure