Managed XDR

vtdl_1742029197_26fwyxzh (FlawedGrace) — malware analysis report

File info

Filename
vtdl_1742029197_26fwyxzh
File type
MS-DOS executable
File size
640 KB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
60554353311ace1d5965dc734ffae5fa20a32b00
SHA256
3e604944f78708809cbd39b9cdfad5102573220609d30a5166b83bbb97829758
MD5
bfc058356b834f4a94b3d7df1f7744ce

Malwares

  • FlawedGrace

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message
pe_overlay: PE file contains overlay

Related reports