Managed XDR

vtdl_1770355646_cn0zbxq7 (Buhtrap) — malware analysis report

File info

Filename: vtdl_1770355646_cn0zbxq7
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1012.5 KB
First seen
Last seen

Environment

w10/x64 en

Hashes

SHA1: 3cb539e5d472a102852780536ddcba3e2e7f7adf
SHA256: 7c9a421d0ced83542a30230674d2515e35a28045ad28f49b4c296f8310df4bb0
MD5: 8a40bf47fbb6851f1ea6c8f5cb86bb9e

Malware families

  • Buhtrap

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497 evasion_printers: Attempts to detect a sandbox by enumerating installed printers
T1497.001 antivm_generic_productname: Checks the system product name in the registry, possibly for anti-virtualization
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 evasion_printers: Attempts to detect a sandbox by enumerating installed printers
T1497.001 antivm_generic_productname: Checks the system product name in the registry, possibly for anti-virtualization

Other

yara_rules: Static rules
no_graphical_activity: No graphical activity observed
has_pdb: This executable contains a PDB path
creates_suspended_process: Creates a suspended process
test_check_service: Starts services
