Managed XDR
Group-IB MDP Report
File info
Filename: 18512994ab3c8be993aeb64885918df4485d942920063aeb07bd559437945ef4-dropped.bin
File Type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
File Size: 5.1 MB
Env info
win7/x64 en
Hashes
SHA1: 7d28b38beab59a70f9b112e6677bd0ef17a370e3
SHA256: 18512994ab3c8be993aeb64885918df4485d942920063aeb07bd559437945ef4
MD5: 5995eba989d33e64c2cc48456179a049
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Credential Access
T1503 infostealer_browser: Retrieves personal information from local Internet browsers
T1552 infostealer_browser: Retrieves personal information from local Internet browsers
T1552 cookie_files: Accesses cookie files
T1555.003 cookie_files: Accesses cookie files
T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager
Discovery
T1518 locates_browser: Attempts to identify where browsers are installed
Collection
T1074.001 access_recyclebin: Manipulation with recyclebin detected
Other
yara_rules: Static rules
creates_exe: Creates executable files in the file system
creates_der: Creates a certificate file (DER)
creates_doc: Creates (office) documents in the file system
creates_in_programdata: Creates files in the ProgramData directory
writes_data: Writes big amount of data to disk
pe_overlay: PE file contains overlay
next report: d593cea0-785b-4e1b-a480-401f3dbba252
previous report: 22f1d335-adad-4f71-8236-b478b485a218
Managed XDR