General
-
Target
aa80d5960e65ac46ad446c09c1a17608.exe
-
Size
6.0MB
-
Sample
210603-9n2lmnekgn
-
MD5
aa80d5960e65ac46ad446c09c1a17608
-
SHA1
c2468b1792e5ecef461d2d89470e8438c05cce24
-
SHA256
857ddc8de567afa19f5bc9236f6cf3681e46919530f90acc25ff36112564432c
-
SHA512
07e15d76dc1940e0b3a926cfa6a5d92760525ae7f9e54bc8c691f1c9ea8af71ffe818aa347857a5c1435316d152a262a1875f03f465bc7be36a10e73bab6022b
Static task
static1
Behavioral task
behavioral1
Sample
aa80d5960e65ac46ad446c09c1a17608.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
aa80d5960e65ac46ad446c09c1a17608.exe
Resource
win10v20210410
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
-
-
Target
aa80d5960e65ac46ad446c09c1a17608.exe
-
Size
6.0MB
-
MD5
aa80d5960e65ac46ad446c09c1a17608
-
SHA1
c2468b1792e5ecef461d2d89470e8438c05cce24
-
SHA256
857ddc8de567afa19f5bc9236f6cf3681e46919530f90acc25ff36112564432c
-
SHA512
07e15d76dc1940e0b3a926cfa6a5d92760525ae7f9e54bc8c691f1c9ea8af71ffe818aa347857a5c1435316d152a262a1875f03f465bc7be36a10e73bab6022b
-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-