Managed XDR

00000000.zip (Koadic) — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла: 00000000.zip
Тип файла: Zip archive data, at least v2.0 to extract
Размер файла: 29 KB
Первое обнаружение: 2026-05-27 07:00
Последнее обнаружение: 2026-05-27 07:00

Окружение

w10/x64 en

Хеши

SHA1: b6ff506f2341aaec2c22dc2da38e9bb4bf5b45b6
SHA256: 2967343460e2b3f8626a89dacd0a5408816fd7ae808a007645f99b097d54f012
MD5: 149b95e4c70d60d545fb8b6455ba90de

Вредоносное ПО

Koadic

Сигнатуры

Execution

T1204.002 mimics_extension: Attempts to mimic the file extension

T1059.001 url_cmdline: Cmdline of process contains URL

T1059.003 suspicious_batch: Suspicious batch

T1059.003 url_cmdline: Cmdline of process contains URL

Persistence

T1197 bitsadmin_download: Downloads a file using bitsadmin

Defense Evasion

T1036 mimics_extension: Attempts to mimic the file extension

T1197 bitsadmin_download: Downloads a file using bitsadmin

T1497 evasion_printers: Attempts to detect Sandbox by exploring existing printers

T1497.002 antivm_usbstor: Reads information about usbdevices from regkey

Credential Access

T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

Discovery

T1518 locates_browser: Attempts to identify where browsers are installed

T1497 evasion_printers: Attempts to detect Sandbox by exploring existing printers

T1497.002 antivm_usbstor: Reads information about usbdevices from regkey

Command and Control

T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp

Other

yara_rules: Static rules

network_bind: Starts servers listening at None

pdf_compressed_stream: Contains an object with compressed stream

creates_suspended_process: Creates suspended process

suspicious_network_port: Performs TCP or UDP request to non-standard port

test_check_service: Starts services