General
- Target: 6a61b992773f571c45f2d1087a56817dd5c1f3a90ca2965cc5c7319b33f3890b
- Size: 4.6MB
- Sample: 211208-ny9xpsaahq
- MD5: 5dec7029dda901f99d02a1cb08d6b3ab
- SHA1: 8561c81e8fab7889eb13ab29450bed82878e78c9
- SHA256: 6a61b992773f571c45f2d1087a56817dd5c1f3a90ca2965cc5c7319b33f3890b
- SHA512: 09e5856113a7b073568e878d1de74c834e318dd05b95afe8729a3008b4cc1efc0b1a6a9c21b25c0b1dadec3d6de5b5bc4ef84523f454591717b6f24fe5dffaca
Static task: static1
Behavioral task: behavioral1
- Sample: 6a61b992773f571c45f2d1087a56817dd5c1f3a90ca2965cc5c7319b33f3890b.exe
- Resource: win10-en-20211104

Malware Config
Extracted
- https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
- Target: 6a61b992773f571c45f2d1087a56817dd5c1f3a90ca2965cc5c7319b33f3890b
- Size: 4.6MB
- MD5: 5dec7029dda901f99d02a1cb08d6b3ab
- SHA1: 8561c81e8fab7889eb13ab29450bed82878e78c9
- SHA256: 6a61b992773f571c45f2d1087a56817dd5c1f3a90ca2965cc5c7319b33f3890b
- SHA512: 09e5856113a7b073568e878d1de74c834e318dd05b95afe8729a3008b4cc1efc0b1a6a9c21b25c0b1dadec3d6de5b5bc4ef84523f454591717b6f24fe5dffaca
Score: 10/10
- suricata: ET MALWARE ServHelper CnC Inital Checkin
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Blocklisted process makes network request
- Modifies RDP port number used by Windows
- Sets DLL path for service in the registry
- Loads dropped DLL
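The host behaviours listed above (net.exe changing a user's group membership, the RDP PortNumber value being rewritten, a ServiceDll path being set, and a script host making an outbound connection) expressed as detection logic over Sysmon-style event records. This is an added example, not code from the sandbox report, from the analysed sample or from the Suricata/sandbox signature authors. The event records are constructed to resemble Sysmon Event ID 1 (process creation), 3 (network connection) and 13 (registry value set) output and are not taken from this run; the blocklisted image set, the service name ExampleSvc, the user sandbox_user and the DLL path are assumptions chosen for illustration.

```python
"""Flag the behaviours from the report above in Sysmon-style events.

Added example; not from the sandbox report or the sample. All records in
SAMPLE_EVENTS are constructed for illustration, not captured from the run.
"""
import re

# Registry value Windows reads the RDP listener port from (DWORD, default 3389).
RDP_PORT_VALUE = (r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
                  r"\WinStations\RDP-Tcp\PortNumber")
RDP_DEFAULT_PORT = 3389

# <service>\Parameters\ServiceDll is the DLL svchost.exe loads for that service.
SERVICE_DLL_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+"
    r"\\Parameters\\ServiceDll$", re.IGNORECASE)

# net[1].exe localgroup <group> <user> /add ; group may be quoted ("Remote Desktop Users").
NET_LOCALGROUP_ADD_RE = re.compile(
    r"\bnet1?(?:\.exe)?\s+localgroup\s+(\"[^\"]+\"|\S+)\s+(\"[^\"]+\"|\S+)\s+/add\b",
    re.IGNORECASE)

# Sysmon renders REG_DWORD data as: DWORD (0x00000d3d)
DWORD_RE = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")

# Script hosts / LOLBins whose outbound connections are worth flagging (assumed set).
BLOCKLISTED_IMAGES = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                      "cscript.exe", "regsvr32.exe", "rundll32.exe"}


def parse_dword(details):
    """Return the integer from a Sysmon 'DWORD (0x....)' string, or None."""
    m = DWORD_RE.search(details)
    return int(m.group(1), 16) if m else None


def detect(events):
    """Return a list of (signature, evidence) tuples for matching events."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:  # process creation
            m = NET_LOCALGROUP_ADD_RE.search(ev.get("CommandLine", ""))
            if m:
                findings.append(("net_localgroup_add", f"{m.group(2)} -> {m.group(1)}"))
        elif eid == 13:  # registry value set
            target = ev.get("TargetObject", "")
            details = ev.get("Details", "")
            if target.lower() == RDP_PORT_VALUE.lower():
                port = parse_dword(details)
                # A write that leaves the default in place is not a port change.
                if port is not None and port != RDP_DEFAULT_PORT:
                    findings.append(("rdp_port_changed", port))
            elif SERVICE_DLL_RE.match(target):
                findings.append(("service_dll_set", f"{target} = {details}"))
        elif eid == 3:  # network connection
            image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
            if image in BLOCKLISTED_IMAGES:
                dest = ev.get("DestinationHostname") or ev.get("DestinationIp")
                findings.append(("blocklisted_process_network", f"{image} -> {dest}"))
    return findings


# Constructed records shaped like Sysmon EID 1/3/13; not from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup administrators sandbox_user /add"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
    {"EventID": 13,
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Terminal Server"
                     r"\WinStations\RDP-Tcp\PortNumber",
     "Details": "DWORD (0x00000d3e)"},  # 3390
    {"EventID": 13,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\ExampleSvc\Parameters\ServiceDll",
     "Details": r"C:\ProgramData\example.dll"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Example\Setting",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "raw.githubusercontent.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for sig, evidence in detect(SAMPLE_EVENTS):
        print(f"{sig}: {evidence}")
```

The registry paths are compared case-insensitively because Sysmon reports the hive prefix as HKLM but the key casing varies with how the writer opened it; the RDP check deliberately ignores writes that restore the default 3389 so that a benign policy refresh does not fire the rule.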