servhelper | 6d6134155811eb82705509295bd4b87c6aaad43c1b54048c20d3cbf680494dfb | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

6d6134155811eb82705509295bd4b87c6aaad43c1b54048c20d3cbf680494dfb
Size

4.0MB
Sample

210910-s2qepaacf5
MD5

9cadcadb612787dc6c2e9901ffe49dec
SHA1

dfaeffadd7767ea23cabc31a59ae2cd461abf00f
SHA256

6d6134155811eb82705509295bd4b87c6aaad43c1b54048c20d3cbf680494dfb
SHA512

e7d908a73e85965359169b9d3e14ec3f1f81218354aa09a8d6c027be230e30c4f334122b933579ce6ad35e5eaffc01c6d8124e5f1a11671b7f6b36549d55beff

Score

10^/10

servhelper xmrig backdoor miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

6d6134155811eb82705509295bd4b87c6aaad43c1b54048c20d3cbf680494dfb.exe

Resource

win10-en

servhelper xmrig backdoor miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  6d6134155811eb82705509295bd4b87c6aaad43c1b54048c20d3cbf680494dfb
- Size
  
  4.0MB
- MD5
  
  9cadcadb612787dc6c2e9901ffe49dec
- SHA1
  
  dfaeffadd7767ea23cabc31a59ae2cd461abf00f
- SHA256
  
  6d6134155811eb82705509295bd4b87c6aaad43c1b54048c20d3cbf680494dfb
- SHA512
  
  e7d908a73e85965359169b9d3e14ec3f1f81218354aa09a8d6c027be230e30c4f334122b933579ce6ad35e5eaffc01c6d8124e5f1a11671b7f6b36549d55beff
Score

10^/10

servhelper xmrig backdoor miner persistence trojan
- ServHelper
  ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
  trojan backdoor servhelper
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Sets DLL path for service in the registry
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Account Manipulation

Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

servhelperxmrigbackdoorminerpersistencetrojan

© 2018-2025

Terms | Privacy