Managed XDR
Group-IB MDP Report
File info
Filename: vtdl_1731293861_5i_kuxdu
File Type: Zip archive data, at least v2.0 to extract
File Size: 258.2 KB
Env info
win7/x86 en
Hashes
SHA1: 4127c9a30038d666423f32b9941803415eaedd8b
SHA256: 807aaf154274fef4e81deef96d3a2b99d3c0938ee389e88a2653b740e1ad26e8
MD5: 49737f38c734c005142787d25c63ef2d
Malware
RedLine Stealer
Signatures
Privilege Escalation
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
dead_host: Connects to IP addresses that do not respond to requests
only_exec_in_archive: The archive contains only an executable file
no_graphical_activity: No graphical activity
net_dumps_in_native: .Net dumps have been found in native PE
has_pdb: This executable file has a PDB path
get_policy_info: Retrieves information about a Policy object