servhelper | c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49 | Triage

Submit
Reports

Overview

overview

Static

static

8

c88f2ff5e0...49.exe

windows7_x64

1

c88f2ff5e0...49.exe

windows10-2004_x64

Sharing

General

Target

c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49
Size

3.2MB
Sample

220417-rkzrcsadf3
MD5

9a3b8737a54ec78cd176fefa99845382
SHA1

d5050cf9f103b4c4a2210079ce41e534548c73b0
SHA256

c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49
SHA512

06f77e46c757b63b75e1fca81725163d82b139b83105a8638010d1ed150509da54cdeff0f7562eef02dfe11347eee09023454e641fc94d50ac06793466becf16

Score

10^/10

servhelper backdoor discovery exploit persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49.exe

Resource

win10v2004-20220414-en

servhelper backdoor discovery exploit persistence trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49
- Size
  
  3.2MB
- MD5
  
  9a3b8737a54ec78cd176fefa99845382
- SHA1
  
  d5050cf9f103b4c4a2210079ce41e534548c73b0
- SHA256
  
  c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49
- SHA512
  
  06f77e46c757b63b75e1fca81725163d82b139b83105a8638010d1ed150509da54cdeff0f7562eef02dfe11347eee09023454e641fc94d50ac06793466becf16
Score

10^/10

servhelper backdoor discovery exploit persistence trojan upx
- ServHelper
  ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
  trojan backdoor servhelper
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

servhelperbackdoordiscoveryexploitpersistencetrojanupx

© 2018-2024

Terms | Privacy