Managed XDR

vtdl_1744436670_w3bm7o0o — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла
vtdl_1744436670_w3bm7o0o
Тип файла
PE32 executable (GUI) Intel 80386, for MS Windows
Размер файла
514 KB
Первое обнаружение
Последнее обнаружение

Окружение

win7/x86 en

Хеши

SHA1
e227255a650a4a92515d1ab0211c179ac7466aec
SHA256
81bd3fb3f2b0f007b8bf5da1118727c61116a411a22a10af22885ca9756c4da0
MD5
ff2f6eed5c07353872b02cbefb9e0569

Сигнатуры

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1070.004 deletes_self: Moves to different location or removes the original executable file
T1497 antidbg_setinformationthread: Attempts to evade debugger using NtSetInformationThread
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1552 infostealer_browser: Retrieves personal information from local Internet browsers
T1503 infostealer_browser: Retrieves personal information from local Internet browsers

Discovery

T1497 antidbg_setinformationthread: Attempts to evade debugger using NtSetInformationThread
T1518 locates_browser: Attempts to identify where browsers are installed

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path