Managed XDR
Group-IB MDP Report
File info
Filename: vtdl_1734585223_gzihtpmh
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 338.5 KB
Env info
win7/x86 en
Hashes
SHA1: fa92c75efee4d798fbc3b6a146cd6aad5f708476
SHA256: e0901be4cbebcb0364b3f1d2e39fa744e956396ab0a8f64cb908c99dc20c5c60
MD5: 025d8eda9e2e604c13aa2056cb74a469
Malware
Sodinokibi
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 packer_polymorphic: Creates a modified copy of itself
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
creates_in_windows: Creates files in the Windows directory
copies_self: Creates a copy of itself
no_graphical_activity: No graphical activity
create_rpc_bindings: Creates RPC connection
checktokenmembership: Checks user token with CheckTokenMembership call