General
- Target: 0d88cfa2c2d6f7bd237f0cfab2e075f2b3ee328b15c3980ca48f31c77f8f7204
- Size: 4.6MB
- Sample: 230129-v86flahb7z
- MD5: fa68435c8733319fdc648b1ae7e76ff6
- SHA1: afabe1cb32cc64d5c9d1dc3f8330da7cf1a3e2f0
- SHA256: 0d88cfa2c2d6f7bd237f0cfab2e075f2b3ee328b15c3980ca48f31c77f8f7204
- SHA512: 4b70d76ab9f9a48f719b4400ffab0ac9914e5e788d7513a9d06ba0593c9b3a7d16f3489ef121c2202a20be6238b76ea839ac5d19becabff196c2cbd6a8655ea1
- SSDEEP: 49152:n6S5QUskvRLmhAG5JyCE/Wi5MgmHG0G5vKuPIR+vFtP0/VjeYJ1E+kRU1:j5QUskvRCJW+
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 0d88cfa2c2d6f7bd237f0cfab2e075f2b3ee328b15c3980ca48f31c77f8f7204.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: 0d88cfa2c2d6f7bd237f0cfab2e075f2b3ee328b15c3980ca48f31c77f8f7204.exe
  - Resource: win10v2004-20220901-en
Malware Config
Targets
- Target: 0d88cfa2c2d6f7bd237f0cfab2e075f2b3ee328b15c3980ca48f31c77f8f7204 (size and hashes identical to those listed under General)
- ServHelper: ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory