Managed XDR

vtdl_1743939777_yji_9wm5 (FlawedGrace) — malware analysis report

File info

Filename
vtdl_1743939777_yji_9wm5
File type
MS-DOS executable
File size
516 KB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
99a496f247d96e1a3b445f98388eb0d02d89c4df
SHA256
ee8a35832a641eb67a50df78d99caff4680d4a436676517e8bc176a22c38f5f1
MD5
0099b535b67e5d867ed2ee5a194554b8

Malwares

  • FlawedGrace

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message

Related reports

Managed XDR