ScreenShot
| Created | 2025.04.28 09:04 | Machine | s1_win7_x6403 |
| Filename | svchost.elf | ||
| Type | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, with debug_info, not stripped | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 31 detected (Linux, Meterpreter, GenericRXSE, Save, a variant of Linux, Unix, Mettle, FJv2RcBYggL, Tool, Swrort, Static AI, Malicious ELF, hiyx, Detected, Dakkatoni) | ||
| md5 | 0535b59306581834d6612cea220a0ad2 | ||
| sha256 | d8c0f65cc17e073544d7c7ce3631b810b56c3bb41861ba52de3ec7822379bbb0 | ||
| ssdeep | 24576:FhJf00ad4b8NfHjyiifPtrTN67j9f7DY7Kxy:vJf00adKqyiA1TNCRYX | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to modify browser security settings |
| watch | Harvests credentials from local email clients |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Creates a suspicious process |
| notice | Yara rule detected in process memory |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | Tries to locate where the browsers are installed |
Rules (11cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | ftp_command | ftp command | binaries (upload) |
| info | IsELF | Executable and Linking Format executable file (Linux/Unix) | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|