Managed XDR

vtdl_1753795247_8btgyc2w (FlawedGrace) — malware analysis report

File info

Filename
vtdl_1753795247_8btgyc2w
File type
MS-DOS executable
File size
996 KB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
0b14cd79688fdadf7534f4894ed3b3d5e305cc30
SHA256
c5449a0c97a280570164404dbfea867b28e24f3af7c084a5438a547a70c10be7
MD5
596d249cf889df88860b9f6e0386b6db

Malwares

  • FlawedGrace

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message

Related reports

Managed XDR