Managed XDR
Group-IB MDP Report
File info
Filename: 87aeb4f49d459c1f42e27e91f33b9ac2.virus
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 603.5 KB
Env info
win7/x86 en
Hashes
SHA1: b416f3823e05d922bce139e2dab44e07f08537d3
SHA256: 1c1ecea31fc28b5f5638c9f2daf213d2556c92652fae8504dfcb51c8a3de0903
MD5: 87aeb4f49d459c1f42e27e91f33b9ac2
Malwares
Raccoon Stealer
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1480 system_default_lang_id_present: Checks the system language
Command and Control
T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp
Other
yara_rules: Static rules
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
suricata_alert: Malicious traffic detected
raccoon_stealer_mutexes: Raccoon Stealer is detected: mutex
next report: dae4f3e6-a8cf-404e-b45b-3033f3e5a0a1
previous report: f54090b0-b7f4-4221-9d94-ed715c13a4a0
Managed XDR