Overview

overview

10

Static

static

748b112881...8e.exe

windows7_x64

1

748b112881...8e.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    748b112881047820f530c202bb59488e.exe

  • Size

    4.0MB

  • Sample

    210926-r8qtcsfac4

  • MD5

    748b112881047820f530c202bb59488e

  • SHA1

    edf77f969bf54a47b21e6179cbcabb4651706d7c

  • SHA256

    82285ac0988c68f9b9ecc7649cb9c6a3f3ecb242dd198465dbd4236d7fa6a59c

  • SHA512

    252640d935ce3c7885fa48496b1b9c405f5dc9e719eda9c965d5fec46f877c00a7d96b14acf7410fbef9dbbfa9723932b54cdc75084fdd54e492eaa8d6f37ad6

Score
10/10
servhelperxmrigbackdoorminerpersistencetrojan

Malware Config

Targets

    • Target

      748b112881047820f530c202bb59488e.exe

    • Size

      4.0MB

    • MD5

      748b112881047820f530c202bb59488e

    • SHA1

      edf77f969bf54a47b21e6179cbcabb4651706d7c

    • SHA256

      82285ac0988c68f9b9ecc7649cb9c6a3f3ecb242dd198465dbd4236d7fa6a59c

    • SHA512

      252640d935ce3c7885fa48496b1b9c405f5dc9e719eda9c965d5fec46f877c00a7d96b14acf7410fbef9dbbfa9723932b54cdc75084fdd54e492eaa8d6f37ad6

    Score
    10/10
    servhelperxmrigbackdoorminerpersistencetrojan

    • ServHelper

      ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

      trojanbackdoorservhelper

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies RDP port number used by Windows

    • Sets DLL path for service in the registry

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks