Managed XDR

vtdl_1742029197_26fwyxzh (FlawedGrace) — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_1742029197_26fwyxzh
Тип файла
MS-DOS executable
Размер файла
640 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x64 en

Хеши

SHA1
60554353311ace1d5965dc734ffae5fa20a32b00
SHA256
3e604944f78708809cbd39b9cdfad5102573220609d30a5166b83bbb97829758
MD5
bfc058356b834f4a94b3d7df1f7744ce

Вредоносное ПО

  • FlawedGrace

Сигнатуры

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message
pe_overlay: PE file contains overlay

Похожие отчёты