General
-
Target
00d5e412b5291821d1d494e993d6df45002cdedb9c750e4133f73ec6a67653ee
-
Size
3.2MB
-
Sample
220502-sz6nwsgcg6
-
MD5
92a57e8a84eb3be8af9c64753c30781b
-
SHA1
bd0717580833a366d3c2b4f8b368095714c4c98d
-
SHA256
00d5e412b5291821d1d494e993d6df45002cdedb9c750e4133f73ec6a67653ee
-
SHA512
dd3bcb529dfaab3470c62ee263cef66a3675cd3375d6f8b043b67f2a22564f86d0318c4fc79ad87e0579d2ceff93677745fecdab926141d5687ee3b5cb5753c2
Malware Config
Targets
-
-
Target
00d5e412b5291821d1d494e993d6df45002cdedb9c750e4133f73ec6a67653ee
-
Size
3.2MB
-
MD5
92a57e8a84eb3be8af9c64753c30781b
-
SHA1
bd0717580833a366d3c2b4f8b368095714c4c98d
-
SHA256
00d5e412b5291821d1d494e993d6df45002cdedb9c750e4133f73ec6a67653ee
-
SHA512
dd3bcb529dfaab3470c62ee263cef66a3675cd3375d6f8b043b67f2a22564f86d0318c4fc79ad87e0579d2ceff93677745fecdab926141d5687ee3b5cb5753c2
Score10/10-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-