ScreenShot
| Created | 2024.06.27 10:16 | Machine | s1_win7_x6401 |
| Filename | payload.bin | ||
| Type | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, corrupted section header size | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 39 detected (Linux, Malicious, score, GenericRXHZ, Save, Metasploit, NetWorm, a variant of Linux, R014C0DEP24, Unix, Msfvenom, RevShell, ConnectBack, sFgboxio2HV, kqtyt, Siggen, Detected, ai score=99, ABRisk, FYHV, Static AI, Malicious ELF) | ||
| md5 | 48cc44c908f2b564daf679a93a7259b6 | ||
| sha256 | 9112ce1aac1c03ad109d47b834bd8784eb939ee2900ec993707771b0307f8a13 | ||
| ssdeep | 6:BnX//In8/r1uBxHocmTWzQ3RQdygg5XJYD:BvwncrAH3m6I532D | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to modify browser security settings |
| watch | Harvests credentials from local email clients |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Yara rule detected in process memory |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | Tries to locate where the browsers are installed |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsELF | Executable and Linking Format executable file (Linux/Unix) | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|