Managed XDR

vtdl_1759474855_sq93jti4 (Coinminer) — malware analysis report

File info

Filename
vtdl_1759474855_sq93jti4
File type
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
File size
3.5 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
82748f925d93022adc54538b32054e4c64b40974
SHA256
b9e34c0cbc47441e08b1447b8d506a447565131f8eb859afaa88569be4645482
MD5
19d2977c0ac71105b84b4c20662c44d9

Malwares

  • Coinminer

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 nsis_archive: One of the packages is NSIS archive
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
pe_overlay: PE file contains overlay

Related reports