ScreenShot
| Created | 2025.03.12 11:30 | Machine | s1_win7_x6403 |
| Filename | GoldAge3ATOm68k | ||
| Type | ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 40 detected (Linux, Mirai, Malicious, score, Save, a variant of Linux, Possible, SMLBO14, Unix, CLASSIC, Bootnet, Detected, ABApplication, Gen3) | ||
| md5 | bb0970d3af844bdb3252e4d471f1bf7a | ||
| sha256 | 0e5a52ab7b26d9c7cc4f617cd9ab7a3603cd0c151ec7c5de7808c48c8d274e9c | ||
| ssdeep | 768:7zeNUS1Ex8/m3183PMEGnR7SbBJkC6w9dk1Xw8TO:n3SOC/C2EEGnBS3kC6wrk1A8S | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to modify browser security settings |
| watch | Communicates with host for which no DNS query was performed |
| watch | Harvests credentials from local email clients |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Tries to locate where the browsers are installed |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsELF | Executable and Linking Format executable file (Linux/Unix) | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
