General
-
Target
282e8186cec5ec821d89c7347f508aca3eb1e5c532200d50550e75972e5c33c8
-
Size
2.6MB
-
Sample
220524-rt9mxsaaar
-
MD5
44e86870c9402d8246dc9498e448e890
-
SHA1
fa3a1b3b5c40927dd43e949783b9f1078122b1f7
-
SHA256
282e8186cec5ec821d89c7347f508aca3eb1e5c532200d50550e75972e5c33c8
-
SHA512
5e459ef56d59be710e6b2464f7cbc8553f2f932fd499477829a4fe27a42ed1467331e4ea6eaee0dfeddf692ef0763e1035c8f9ab32e419cd9dec950d8f37cd0f
Malware Config
Targets
-
-
Target
282e8186cec5ec821d89c7347f508aca3eb1e5c532200d50550e75972e5c33c8
-
Size
2.6MB
-
MD5
44e86870c9402d8246dc9498e448e890
-
SHA1
fa3a1b3b5c40927dd43e949783b9f1078122b1f7
-
SHA256
282e8186cec5ec821d89c7347f508aca3eb1e5c532200d50550e75972e5c33c8
-
SHA512
5e459ef56d59be710e6b2464f7cbc8553f2f932fd499477829a4fe27a42ed1467331e4ea6eaee0dfeddf692ef0763e1035c8f9ab32e419cd9dec950d8f37cd0f
Score10/10-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-