General

  • Target

    fa984c86c9ffa1933559eaaf67b927b2b389a71977754f68841a2cde9e065ed6

  • Size

    4.5MB

  • Sample

    220131-12cgtsdbe5

  • MD5

    6e25c5952efe42d73b7d20ed3d48199b

  • SHA1

    ffc74cf6eebcf8129bc565aec41b41e7b1f84e0c

  • SHA256

    fa984c86c9ffa1933559eaaf67b927b2b389a71977754f68841a2cde9e065ed6

  • SHA512

    8ebb2206cbc8605613d894930e8982b0a424e1f8be3ad649b0237c78dfe4f75ff1691958e9a91f83286407466852c5199ec913d9cf1fd1ecaa0cde5eb8af5bb6

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1

Targets

    • ServHelper

      ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Modifies RDP port number used by Windows

    • Possible privilege escalation attempt

    • Sets DLL path for service in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Modifies file permissions

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6
