General
Target: 748b112881047820f530c202bb59488e.exe
Size: 4.0MB
Sample: 210926-sfcayaehfn
MD5: 748b112881047820f530c202bb59488e
SHA1: edf77f969bf54a47b21e6179cbcabb4651706d7c
SHA256: 82285ac0988c68f9b9ecc7649cb9c6a3f3ecb242dd198465dbd4236d7fa6a59c
SHA512: 252640d935ce3c7885fa48496b1b9c405f5dc9e719eda9c965d5fec46f877c00a7d96b14acf7410fbef9dbbfa9723932b54cdc75084fdd54e492eaa8d6f37ad6
Static task
static1

Behavioral task
behavioral1
Sample: 748b112881047820f530c202bb59488e.exe
Resource: win7-en-20210920

Behavioral task
behavioral2
Sample: 748b112881047820f530c202bb59488e.exe
Resource: win10-en-20210920
Malware Config

Targets
Target: 748b112881047820f530c202bb59488e.exe
Size: 4.0MB
MD5: 748b112881047820f530c202bb59488e
SHA1: edf77f969bf54a47b21e6179cbcabb4651706d7c
SHA256: 82285ac0988c68f9b9ecc7649cb9c6a3f3ecb242dd198465dbd4236d7fa6a59c
SHA512: 252640d935ce3c7885fa48496b1b9c405f5dc9e719eda9c965d5fec46f877c00a7d96b14acf7410fbef9dbbfa9723932b54cdc75084fdd54e492eaa8d6f37ad6
Score: 10/10
Signatures
- ServHelper: ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Sets DLL path for service in the registry
- Drops file in System32 directory