Overview

overview

10

Static

static

vv.exe

windows7_x64

1

vv.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vv.exe

  • Size

    4.0MB

  • Sample

    210910-3wxlxsdghn

  • MD5

    9cadcadb612787dc6c2e9901ffe49dec

  • SHA1

    dfaeffadd7767ea23cabc31a59ae2cd461abf00f

  • SHA256

    6d6134155811eb82705509295bd4b87c6aaad43c1b54048c20d3cbf680494dfb

  • SHA512

    e7d908a73e85965359169b9d3e14ec3f1f81218354aa09a8d6c027be230e30c4f334122b933579ce6ad35e5eaffc01c6d8124e5f1a11671b7f6b36549d55beff

Score
10/10
servhelperxmrigbackdoorminerpersistencetrojan

Malware Config

Targets

    • Target

      vv.exe

    • Size

      4.0MB

    • MD5

      9cadcadb612787dc6c2e9901ffe49dec

    • SHA1

      dfaeffadd7767ea23cabc31a59ae2cd461abf00f

    • SHA256

      6d6134155811eb82705509295bd4b87c6aaad43c1b54048c20d3cbf680494dfb

    • SHA512

      e7d908a73e85965359169b9d3e14ec3f1f81218354aa09a8d6c027be230e30c4f334122b933579ce6ad35e5eaffc01c6d8124e5f1a11671b7f6b36549d55beff

    Score
    10/10
    servhelperxmrigbackdoorminerpersistencetrojan

    • ServHelper

      ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

      trojanbackdoorservhelper

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies RDP port number used by Windows

    • Sets DLL path for service in the registry

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks