Managed XDR
Group-IB MDP Report
File info
Filename: qu6839.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 495.5 KB
Env info
win7/x86 en
Hashes
SHA1: 5959157428111844e8dd895dd1ca23d95b1ef63c
SHA256: 9ba38864475ad08db8b2dae016e6284d0e7551e5736ed05e4160d28b2ca744bb
MD5: e7260a946cf2a959f1db5f32d2ac2e73
Malwares
RedLine Stealer
Signatures
Privilege Escalation
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
creates_exe: Creates executable files in the file system
dead_host: Connects to IP addresses that do not respond to requests
executes_dropped_exe: Executes dropped exe files
no_graphical_activity: No graphic activity
origin_langid: Unconventional language of the executable file
get_policy_info: Retrieves information about a Policy object
next report: f23b350b-b5dd-4893-8045-1b5f915f9101
previous report: 7bd7d126-8757-42f8-b0ac-a78c2e6a0b49
Managed XDR