Managed XDR
Group-IB MDP Report
File info
Filename: vtdl_1744263201_2xuwh11x
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 265.5 KB
Env info
win7/x86 en
Hashes
SHA1: 62bfc566fa46fb38b509db1552190e11f7b37bd5
SHA256: 900cc29f6ec9d68e79d3f214eab7f853855869656ba29a0105be9c0f02771967
MD5: 42a31e65bc3e78bc9e81dd56903f9cbc
Malware
RedLine Stealer
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed memory regions (regions not backed by a module on disk)
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Discovery
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
Other
yara_rules: Static rules
no_graphical_activity: No graphical activity
has_pdb: This executable file has a PDB path
message_box: Displays a message box
get_policy_info: Retrieves information about a Policy object
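Added example (not part of the Group-IB report or of any Group-IB tooling): a Python sketch of the heuristic behind the packer_entropy hit above, i.e. flagging a file whose contents are mostly high-entropy (compressed or encrypted) data. The 4096-byte window, the 7.0 bits/byte threshold and the 50% coverage rule are assumptions chosen for illustration, not Group-IB's values; the two sample buffers are constructed inside the block. A production check would run the same entropy function over each PE section (for example via pefile) rather than over fixed windows, and would treat a single dense .rsrc or certificate region differently from a text section that is dense end to end.

```python
import hashlib
import math
from collections import Counter

# Assumed tuning parameters for this illustration (not Group-IB's values).
WINDOW = 4096          # bytes per fixed-size window
THRESHOLD = 7.0        # bits per byte; 8.0 is the maximum for byte data
MIN_FRACTION = 0.5     # share of windows that must be high-entropy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = WINDOW, threshold: float = THRESHOLD):
    """Return (offset, entropy) for every window at or above the threshold.
    Trailing remainders shorter than 256 bytes are skipped: with fewer samples
    than there are byte values the estimate is too noisy to mean anything."""
    hits = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < 256:
            continue
        ent = shannon_entropy(chunk)
        if ent >= threshold:
            hits.append((off, round(ent, 2)))
    return hits


def probably_packed(data: bytes, window: int = WINDOW, threshold: float = THRESHOLD,
                    min_fraction: float = MIN_FRACTION) -> bool:
    """Packer heuristic: True when at least min_fraction of the windows are high-entropy.
    Ordinary code and data sit well below 7 bits/byte; a packed or encrypted
    payload is dense almost everywhere, with only a small unpacking stub below it."""
    total = sum(1 for off in range(0, len(data), window)
                if len(data[off:off + window]) >= 256)
    if total == 0:
        return False
    return len(high_entropy_windows(data, window, threshold)) / total >= min_fraction


def _pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for a compressed/encrypted payload (SHA-256 in counter mode),
    used instead of os.urandom so the example behaves the same on every run."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed samples; nothing here is taken from the analysed file.
PLAIN_SAMPLE = (b"The quick brown fox jumps over the lazy dog. " * 400)[:16384]  # text-like, ~4.4 bits/byte
PACKED_SAMPLE = PLAIN_SAMPLE[:4096] + _pseudo_random_bytes(12288)                # small stub + dense payload


def report(name: str, data: bytes) -> None:
    hits = high_entropy_windows(data)
    print(f"{name}: {len(data)} bytes, {len(hits)} high-entropy window(s), "
          f"packed={probably_packed(data)}")


if __name__ == "__main__":
    report("plain", PLAIN_SAMPLE)
    report("packed", PACKED_SAMPLE)
```

The heuristic is deliberately coarse: it cannot tell a packer from an embedded archive, a large compressed resource or a signed certificate table, which is why sandboxes report it as "probably" rather than as a verdict, and why it is combined here with the unnamed_memory_regions hit (code running from freshly allocated memory is the usual sign that a dense region was unpacked at runtime).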