servhelper | 4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398 | Triage

Submit
Reports

Overview

overview

Static

static

8

4bd7686dfd...98.exe

windows7_x64

1

4bd7686dfd...98.exe

windows10-2004_x64

Sharing

General

Target

4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398
Size

3.2MB
Sample

220503-x4jr5saga2
MD5

337e4fd5e423ee5e716ed7ee270bcd00
SHA1

6390cf1f9b5a7e5dc3494d603c634e8b5c9b6233
SHA256

4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398
SHA512

e44814ffdfda11c7f2461b3ec8fa587bf2ca28b8f48b28a9bf103d5a3faf3e5293995c88e8e625eb71f856b5e5160f52ef011a5decd3acd4b1029aa63591e724

Score

10^/10

servhelper backdoor discovery exploit persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398.exe

Resource

win10v2004-20220414-en

servhelper backdoor discovery exploit persistence trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398
- Size
  
  3.2MB
- MD5
  
  337e4fd5e423ee5e716ed7ee270bcd00
- SHA1
  
  6390cf1f9b5a7e5dc3494d603c634e8b5c9b6233
- SHA256
  
  4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398
- SHA512
  
  e44814ffdfda11c7f2461b3ec8fa587bf2ca28b8f48b28a9bf103d5a3faf3e5293995c88e8e625eb71f856b5e5160f52ef011a5decd3acd4b1029aa63591e724
Score

10^/10

servhelper backdoor discovery exploit persistence trojan upx
- ServHelper
  ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
  trojan backdoor servhelper
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

servhelperbackdoordiscoveryexploitpersistencetrojanupx

© 2018-2024

Terms | Privacy