General

Target: d3e9dfaece3d3b80d787bd37558d11d0033746114cb1baf4cadadaeb7c09588c
Size: 2.6MB
Sample: 220524-r68w6afba5
MD5: 46ee7635d56bce4a798e33210c550229
SHA1: a937c3d1e97ea40d61c1f8a53310632044a57a84
SHA256: d3e9dfaece3d3b80d787bd37558d11d0033746114cb1baf4cadadaeb7c09588c
SHA512: 76bdc9cde357e775e30b8bff22763142b709f035239b0b02fc8f4c26f84cbddc0a1ae928ae9d6eb73dbeec33b438584afc15fb1f64f0e1b52df89cf5003fea5a
Static task: static1

Behavioral task: behavioral1
  Sample: d3e9dfaece3d3b80d787bd37558d11d0033746114cb1baf4cadadaeb7c09588c.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: d3e9dfaece3d3b80d787bd37558d11d0033746114cb1baf4cadadaeb7c09588c.exe
  Resource: win10v2004-20220414-en
Malware Config

Targets

Target: d3e9dfaece3d3b80d787bd37558d11d0033746114cb1baf4cadadaeb7c09588c
Size: 2.6MB
MD5: 46ee7635d56bce4a798e33210c550229
SHA1: a937c3d1e97ea40d61c1f8a53310632044a57a84
SHA256: d3e9dfaece3d3b80d787bd37558d11d0033746114cb1baf4cadadaeb7c09588c
SHA512: 76bdc9cde357e775e30b8bff22763142b709f035239b0b02fc8f4c26f84cbddc0a1ae928ae9d6eb73dbeec33b438584afc15fb1f64f0e1b52df89cf5003fea5a
Signatures

ServHelper
  ServHelper is a Delphi-based backdoor associated with the TA505 threat group.

Grants admin privileges
  Uses net.exe to change a user's group membership and so its privileges. On an affected host, review the membership of privileged local groups such as Administrators for accounts that should not be there.

Modifies RDP port number used by Windows
  Changes the port the Remote Desktop listener uses. On Windows this is the PortNumber value under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp (default 3389); a non-default value on a workstation is a strong host indicator.

Possible privilege escalation attempt
  Heuristic match; the concrete actions behind it are the net.exe use and the service DLL change described in the other signatures.

Sets DLL path for service in the registry
  Writes a ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters, which is the DLL svchost.exe loads when that service starts. A ServiceDll that points outside %SystemRoot%\System32 deserves scrutiny.

Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence: the sample may change behaviour, or not run at all, depending on the configured region, so a sandbox with a different locale can see different activity.

Deletes itself
  Removes its own executable after running; expect the original file to be absent from the host, so rely on process and file-creation telemetry rather than the binary itself.

Loads dropped DLL
  Loads a DLL it wrote to disk rather than one shipped with Windows.

Modifies file permissions
  Changes the access control lists of files it touches.

Drops file in System32 directory
  Writes one or more files into %SystemRoot%\System32, which requires elevated rights and lets dropped files blend in with system binaries.
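The following PowerShell host-triage script is an added example, not part of the sandbox report and not code from the sample or its authors. It checks a Windows host for the kinds of artifact the signatures above describe: a non-default RDP port, a service whose ServiceDll lives outside System32, recently written unsigned files in System32, privileged-group membership (which net.exe would have changed), and accounts hidden from the logon screen. The registry paths are the standard Windows locations; that this particular sample touched exactly these keys is an assumption, not something the report states. The function name Get-ServHelperArtifacts is ours.

```powershell
# Added triage check (assumption-based, not from the report): inspect a host for
# the artifacts the report's signatures describe. Run elevated and review the
# output by hand; third-party software can legitimately trigger some findings.
function Get-ServHelperArtifacts {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. RDP listener: PortNumber defaults to 3389; fDenyTSConnections=0 means RDP is enabled.
    $rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
    if ($port -and $port -ne 3389) { $findings.Add("RDP PortNumber is $port (default 3389)") }
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    if ($deny -eq 0) { $findings.Add('Remote Desktop connections are enabled (fDenyTSConnections=0)') }

    # 2. Service DLL paths: flag any ServiceDll that does not live under System32/SysWOW64
    #    (e.g. a replaced TermService DLL loaded from Program Files).
    $sysDirs = @("$env:SystemRoot\System32\", "$env:SystemRoot\SysWOW64\")
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
        $params = Join-Path $_.PSPath 'Parameters'
        $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) {
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            $inSys = $false
            foreach ($d in $sysDirs) {
                if ($expanded.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $inSys = $true }
            }
            if (-not $inSys) { $findings.Add("Service $($_.PSChildName) loads ServiceDll from $expanded") }
        }
    }

    # 3. Binaries written into System32 in the last 7 days without a valid Authenticode
    #    signature. Catalog-signed Windows files report Status=Valid on modern Windows;
    #    the 7-day window is an arbitrary triage choice.
    $since = (Get-Date).AddDays(-7)
    Get-ChildItem "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since -and $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                $findings.Add("Recent unsigned file in System32: $($_.FullName) ($($sig.Status))")
            }
        }

    # 4. Privileged local groups. Get-LocalGroupMember needs the LocalAccounts module
    #    (Windows 10 / Server 2016+); on older hosts fall back to parsing net.exe output,
    #    the same tool the report says the sample used.
    foreach ($group in 'Administrators', 'Remote Desktop Users') {
        $members = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue
        if ($members) {
            $names = $members.Name
        } else {
            $names = & net.exe localgroup $group 2>$null |
                Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-+|The command completed)' }
        }
        $findings.Add("$group members: $($names -join ', ')")
    }

    # 5. Accounts hidden from the logon screen via the Winlogon SpecialAccounts UserList key
    #    (a value of 0 hides the named account). Generic check, not specific to this sample.
    $userList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    if (Test-Path $userList) {
        $props = Get-ItemProperty -Path $userList
        (Get-Item $userList).Property | ForEach-Object {
            $findings.Add("Account hidden from logon screen: $_ = $($props.$_)")
        }
    }

    return $findings
}

Get-ServHelperArtifacts | ForEach-Object { Write-Output $_ }
```

The group-membership lines are always emitted, because the interesting signal is an unexpected name rather than a count; compare them against a known-good baseline for the host. The ServiceDll check is deliberately generic (every service, not only TermService) since the report does not name the service whose DLL path was set.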