Managed XDR

vtdl_jpx3si_9 (LummaC2) — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_jpx3si_9
Тип файла
Zip archive data, at least v2.0 to extract
Размер файла
243.8 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
1892692eefbf8362821c2713960bed439c88855b
SHA256
927b56fa14531d13dad17e23d1db423462658314fa0f9e12db321da7ed3756c9
MD5
d3b940d2e3855928d765942804e0d6e4

Вредоносное ПО

  • LummaC2

Сигнатуры

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
only_exec_in_archive: The archive contains only an executable file
process_crashed: One of the processes has failed
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
origin_langid: Unconventional language of the executable file
test_check_service: Starts services

Похожие отчёты