General
-
Target
44d42138d67d0e52c3c26cb726bc8f39
-
Size
4.2MB
-
Sample
211013-waklxaefaq
-
MD5
44d42138d67d0e52c3c26cb726bc8f39
-
SHA1
2613e0e464b334ed66e34a8cffc174c5603dd1d9
-
SHA256
074d3a0bcfb3d4b0b179a2495004fb95947de60ce002fded7af1d1781add9d2b
-
SHA512
9d59b4dfb96bbe5b59f1b5c0561dafd8fe3f2fb1ababf4e7a384577ddf63adb703802187e7a7bfd671c4fd67e84214bb2b3283edae85e0f2a424148d9e0be1fa
Malware Config
Targets
-
-
Target
44d42138d67d0e52c3c26cb726bc8f39
-
Size
4.2MB
-
MD5
44d42138d67d0e52c3c26cb726bc8f39
-
SHA1
2613e0e464b334ed66e34a8cffc174c5603dd1d9
-
SHA256
074d3a0bcfb3d4b0b179a2495004fb95947de60ce002fded7af1d1781add9d2b
-
SHA512
9d59b4dfb96bbe5b59f1b5c0561dafd8fe3f2fb1ababf4e7a384577ddf63adb703802187e7a7bfd671c4fd67e84214bb2b3283edae85e0f2a424148d9e0be1fa
Score10/10-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies RDP port number used by Windows
-
Sets DLL path for service in the registry
-
Drops file in System32 directory
-