Managed XDR

vtdl_cgf9ittg (Egregor, Tinba) — malware analysis report

File info

Filename
vtdl_cgf9ittg
File type
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
File size
792 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
67f3c2198c722d23488b77e777b422e7518bc212
SHA256
6dbe1d2de299359036520f15490834a6ac40b665cf5cd249379d65242af00b44
MD5
34f30af17c0243d83cac675e43f42c95

Malwares

  • Egregor
  • Tinba

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Defense Evasion

T1027.002 unnamed_memory_regions_contains_pe: One or several unnamed memory regions are PE files
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1027.001 static_overlay_padding: Overlay contents padding

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
pe_overlay: PE file contains overlay

Related reports