Managed XDR

vtdl_1741345812_qwyf2dnt (TrickBot) — malware analysis report

File info

Filename
vtdl_1741345812_qwyf2dnt
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
3.4 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
48b1581265b6f4eb47c8859527f9a3591447dd85
SHA256
fd5ea0f9630ea01b577c8ffe235a2ec9b8a43695ae7dc9d044e7af91626f09da
MD5
ee7485a166a776cef6a98f735c3ef2ca

Malwares

  • TrickBot

Signatures

Privilege Escalation

T1055.012 injection_runpe: Injects code into another process
T1055 sets_debug_registers: Sets debug registers for a thread in a different process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1055.012 injection_runpe: Injects code into another process
T1055 sets_debug_registers: Sets debug registers for a thread in a different process
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1070 stealth_window: A process created a hidden window
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process

Related reports