Extracted

• • Target

    a33846e1244be6df8f052903ec1a2918.exe

  • Size

    6.0MB

  • MD5

    a33846e1244be6df8f052903ec1a2918

  • SHA1

    4b3ebbfe1cd16ec0a1f0a988d602fedb765307a6

  • SHA256

    6eca26fcfabbb12c6a37eb689de222e75b31574dd25e7fd3d8b446d700c40133

  • SHA512

    22f840e4d931ab69f4673e94938f7524fa793183cd3e35546dbc4c9482705d066b51bcdc05d590d8741613f23f57653ec6c9c88c8eebbcc5a734af3de862bd3d

  Score

  10^/10

  servhelperbackdoordiscoveryexploitpersistencetrojanupx

  • ServHelper

    ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

    trojanbackdoorservhelper

  • Grants admin privileges

    Uses net.exe to modify the user's privileges.

  • Blocklisted process makes network request

  • Modifies RDP port number used by Windows

  • Possible privilege escalation attempt

    exploit

  • Sets DLL path for service in the registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Drops file in System32 directory

  behavioral1behavioral2