Managed XDR
Group-IB MDP Report
File info
Filename: 861-top.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 54.5 KB
Env info
win7/x86 en
Hashes
SHA1: a5eb82d5f16e160549c935343b819f586157a6ba
SHA256: 1916ebeaf51c4182b43fc8dbd754a99b1ca2341e62e5cd9eac3f39e652e0890e
MD5: 54fc3d072725dadc66e2bad23b4fcadf
Malwares
BlackMatter
Lockbit
DarkSide
Signatures
Privilege Escalation
T1134 sets_privilegies_via_rtladjustprivilege: Sets process privilege via RtlAdjustPrivilege
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1134 sets_privilegies_via_rtladjustprivilege: Sets process privilege via RtlAdjustPrivilege
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Credential Access
T1503 infostealer_browser: Retrieves personal information from local Internet browsers
T1552 infostealer_mail: Collects personal data from local email clients
T1552 infostealer_browser: Retrieves personal information from local Internet browsers
T1552.001 infostealer_bitcoin: Attempts to obtain access to Bitcoin/ALTCoin wallets
T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files
Discovery
T1083 crawls_directories: Opens a huge number of directories all over disk C: (possibly, searches for sensitive data)
Collection
T1114 infostealer_mail: Collects personal data from local email clients
Other
yara_rules: Static rules
static_pe_duplicate_sections: The PE file structure contains anomalies: duplicate section names
require_administrator: Requests administrator privileges
next report: 6ec838e5-f476-4dde-9334-e2e431aebbb8
previous report: cfb16e18-73c0-463c-a23e-b74f26a1c4e3
Managed XDR