Managed XDR

vtdl_yyn9uswn — malware analysis report

File info

Filename
vtdl_yyn9uswn
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
4.1 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
9b8c883ec2d97e2322f79f27aa70aab5851ee498
SHA256
a49d77f977e231c08eaa8d1a76b398fd717ea1306e72b17cf3fbe3a3f3428ba3
MD5
847dd0857a9683ef63f1efb86b143d0a

Signatures

Defense Evasion

T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1027.002 packer_entropy: Probably contains compressed or encrypted data

Command and Control

T1102.003 cloud_discord: Connects to cloud services of Discord (potentially for malicious payload delivery)

Other

ip_domains: Identifies an IP address using external resources
dns_without_resolve: DNS query without a response
no_graphical_activity: No graphic activity
origin_langid: Unconventional language of the executable file
suspicious_network_port: Performs TCP or UDP request to non-standard port
pe_overlay: PE file contains overlay
suricata_alert: Malicious traffic detected