Managed XDR

vtdl_1753795247_8btgyc2w (FlawedGrace) — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_1753795247_8btgyc2w
Тип файла
MS-DOS executable
Размер файла
996 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x64 en

Хеши

SHA1
0b14cd79688fdadf7534f4894ed3b3d5e305cc30
SHA256
c5449a0c97a280570164404dbfea867b28e24f3af7c084a5438a547a70c10be7
MD5
596d249cf889df88860b9f6e0386b6db

Вредоносное ПО

  • FlawedGrace

Сигнатуры

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antivm_queries_computername: Retrieves the computer name
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
message_box: Displays a message

Похожие отчёты

Managed XDR