Managed XDR

f-2022-virusshare_0041...03a8ed22df4d975a280ead (Grimagent) — malware analysis report

File info

Filename
f-2022-virusshare_00417-virusshare_af5afbe50203a8ed22df4d975a280ead
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
270.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
015b6b12960fe5bcbf835e91baa3dc3520568af1
SHA256
2c27d4c5dbc307a223f61540377e0dd87639dbeedbc66127f401a3e856df1130
MD5
af5afbe50203a8ed22df4d975a280ead

Malwares

  • Grimagent

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 antidbg_query_process: Checks if the process is being debugged (ProcessDebugPort)
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 antidbg_query_process: Checks if the process is being debugged (ProcessDebugPort)

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity

Related reports