General
-
Target
b230e191857ee2dcb34b7fb163bcfbda42a31d0c0be5f1c93f4b0057a2bf2c3e
-
Size
2.9MB
-
Sample
220701-rj1bhahcb7
-
MD5
cc47bc788a58c510b00a5b288769a943
-
SHA1
184478b1e91d3354f5981c19e615bec766c38fab
-
SHA256
b230e191857ee2dcb34b7fb163bcfbda42a31d0c0be5f1c93f4b0057a2bf2c3e
-
SHA512
ddf966d08c8de80ff86f222a4b794d9b0afeb3a1c88070452d086a3e61b8e8c0d65b40afbd2c28f1c0ca9d8f3947a1d9d485177290e0a745091908337dd0e1e6
Static task
static1
Behavioral task
behavioral1
Sample
b230e191857ee2dcb34b7fb163bcfbda42a31d0c0be5f1c93f4b0057a2bf2c3e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
b230e191857ee2dcb34b7fb163bcfbda42a31d0c0be5f1c93f4b0057a2bf2c3e.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
b230e191857ee2dcb34b7fb163bcfbda42a31d0c0be5f1c93f4b0057a2bf2c3e
-
Size
2.9MB
-
MD5
cc47bc788a58c510b00a5b288769a943
-
SHA1
184478b1e91d3354f5981c19e615bec766c38fab
-
SHA256
b230e191857ee2dcb34b7fb163bcfbda42a31d0c0be5f1c93f4b0057a2bf2c3e
-
SHA512
ddf966d08c8de80ff86f222a4b794d9b0afeb3a1c88070452d086a3e61b8e8c0d65b40afbd2c28f1c0ca9d8f3947a1d9d485177290e0a745091908337dd0e1e6
Score10/10-
suricata: ET MALWARE ServHelper CnC Inital Checkin
suricata: ET MALWARE ServHelper CnC Inital Checkin
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-