Extracted

• • Target

    92068f4e5a7e704caf1fad1665121757.exe

  • Size

    6.0MB

  • MD5

    92068f4e5a7e704caf1fad1665121757

  • SHA1

    63af0fcb20bc4abb452c53455a9955dc210334bb

  • SHA256

    4411d8a69230284cb6238a2e8cf29878afbbef90935bb94d1a6f8d59af30c6cc

  • SHA512

    2e4688b7a1924cfab40984efa51533d1e712222ce9c11d00df9da19c65405840da6182068f16bc1a5fe74753d83ea2324bf3ff9e9e527726dc3e7cfd89aaa741

  Score

  10^/10

  servhelperbackdoordiscoveryexploitpersistencetrojanupx

  • ServHelper

    ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

    trojanbackdoorservhelper

  • Grants admin privileges

    Uses net.exe to modify the user's privileges.

  • Blocklisted process makes network request

  • Modifies RDP port number used by Windows

  • Possible privilege escalation attempt

    exploit

  • Sets DLL path for service in the registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Drops file in System32 directory

  behavioral1behavioral2