Managed XDR

vtdl_1748129122_gccj4r8z — malware analysis report

File info

Filename
vtdl_1748129122_gccj4r8z
File type
Zip archive data, at least v2.0 to extract
File size
1.3 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
0fef4bb46ccf56671b6a8b7469bab3dc7e29802a
SHA256
192c868168d50d8ee6ca870aec5ae035bfa3777d9df1ae3544f89868cf2a8d5e
MD5
41f84d3e0302df5ca8547b4bad48325b

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Command and Control

T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp

Other

yara_rules: Static rules
dead_host: Connects to IP addresses that do not respond to requests
only_exec_in_archive: The archive contains only an executable file
no_graphical_activity: No graphic activity
require_administrator: Requests administrator privileges
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
checktokenmembership: Checks user token with CheckTokenMembership call
pe_overlay: PE file contains overlay
executes_dropped_exe: Executes dropped exe files