Managed XDR

vtdl_1750436234_d1z9ltle — malware analysis report

File info

Filename
vtdl_1750436234_d1z9ltle
File type
MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=3, Archive, ctime=Tue Mar 19 04:44:16 2019, mtime=Tue Mar 19 04:44:16 2019, atime=Tue Mar 19 04:44:16 2019, length=280064, window=hidenormalshowminimized
File size
1.9 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
637470e8ba4a0956bbbe29fe8007127934f98dc4
SHA256
7ade8bbc8bba82394350fccb99d823849abdad5722a80b0db6e7c4c733a0f3a5
MD5
28a53fbd0820e7451832ac1a9cf05f19

Signatures

Execution

T1204 suspicious_lnk: LNK file with suspicious content

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 copies_utilities: Copies and runs system utility with different name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1552.001 infostealer_bitcoin: Attempts to obtain access to Bitcoin/ALTCoin wallets

Other

creates_exe: Creates executable files in the file system
executes_dropped_exe: Executes dropped exe files
unexpected_exception: Unexpected exception
creates_suspended_process: Creates suspended process
get_policy_info: Retrieves information about a Policy object
test_check_service: Starts services
yara_rules: Static rules