Managed XDR

vtdl_1741701204_ku_3bses (IcedID, Hupigon) — malware analysis report

File info

Filename
vtdl_1741701204_ku_3bses
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
456 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
86ad93a4c813dabee63168a370751e8164df4da3
SHA256
f3efb8c1bb5fe363d0734a2236ee54b191b12fa7f885d0a064dfaa840b4cc7a7
MD5
0ea92e870e8413f1d6eec9b855705eb9

Malwares

  • IcedID
  • Hupigon

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Command and Control

T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp

Other

yara_rules: Static rules
icedid_downloader: Detected downloader of banker IcedID
dns_without_resolve: DNS query without a response
no_graphical_activity: No graphic activity
suricata_alert: Malicious traffic detected

Related reports