Managed XDR
Group-IB MDP Report
File info
Filename: stansberry_subscribers.txt.lnk
File Type: MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=70, ctime=Mon Jan 1 00:00:00 1601, mtime=Mon Jan 1 00:00:00 1601, atime=Mon Jan 1 00:00:00 1601, length=0, window=hidenormalshowminimized
File Size: 1.5 KB
Env info
win7/x86 en
Hashes
SHA1: b6464709cd0563ee801923db97f3386217ed3cdb
SHA256: 0578f75fac520b140c5d04dc9250b499c289601b5d60d2b565acb559f8d9e95c
MD5: 18a377fb2342d500be2d51e0785e8b02
Signatures
Execution
T1204 suspicious_lnk: LNK file with suspicious content
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1497.001 antivm_disk_size: Checks the amount of free disk space
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Credential Access
T1503 infostealer_browser: Retrieves personal information from local Internet browsers
T1552 infostealer_browser: Retrieves personal information from local Internet browsers
T1552 infostealer_mail: Collects personal data from local email clients
T1552 cookie_files: Accesses cookie files
T1555.003 cookie_files: Accesses cookie files
T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager
Discovery
T1083 crawls_directories: Opens a huge number of directories all over disk C: (possibly, searches for sensitive data)
T1497.001 antivm_disk_size: Checks the amount of free disk space
T1518 locates_browser: Attempts to identify where browsers are installed
Collection
T1114 infostealer_mail: Collects personal data from local email clients
Other
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
next report: d27b9134-a455-461e-80e3-257dfa3e2d3b
previous report: 418141b0-a7a2-47c2-9a08-afd95a0988dd
Managed XDR