Overview

overview

10

Static

static

3

37ee84f993...75.exe

windows7-x64

10

37ee84f993...75.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37ee84f9933d943000195e804b3b7b75

  • Size

    4.1MB

  • Sample

    231222-av19hagadn

  • MD5

    37ee84f9933d943000195e804b3b7b75

  • SHA1

    738f4e23ce5dd5c2c08de9cdb9ca99c0e4db90f5

  • SHA256

    c6d19a50de0ff5674c48106227234f3e9d5231e97a79cf51dd137042b7444ba5

  • SHA512

    fdb6f22c1adf37a6e6d11419c964859602f1db8ce3dcb2ec887570e168d47975a74b5a16e8af5da11d4de54e071e308a950ef3908def2f0612de3ac0b6fd73f2

  • SSDEEP

    98304:l8Cirq4EmiHjDhIKuPU5Du+f+8Q4LuIa:lUrqzjDhOkGCTa

Score
10/10
servhelperbackdoordiscoveryexploitpersistencetrojan

Malware Config

Targets

    • Target

      37ee84f9933d943000195e804b3b7b75

    • Size

      4.1MB

    • MD5

      37ee84f9933d943000195e804b3b7b75

    • SHA1

      738f4e23ce5dd5c2c08de9cdb9ca99c0e4db90f5

    • SHA256

      c6d19a50de0ff5674c48106227234f3e9d5231e97a79cf51dd137042b7444ba5

    • SHA512

      fdb6f22c1adf37a6e6d11419c964859602f1db8ce3dcb2ec887570e168d47975a74b5a16e8af5da11d4de54e071e308a950ef3908def2f0612de3ac0b6fd73f2

    • SSDEEP

      98304:l8Cirq4EmiHjDhIKuPU5Du+f+8Q4LuIa:lUrqzjDhOkGCTa

    Score
    10/10
    servhelperbackdoordiscoveryexploitpersistencetrojan

    • ServHelper

      ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

      trojanbackdoorservhelper

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies RDP port number used by Windows

    • Possible privilege escalation attempt

      exploit

    • Sets DLL path for service in the registry

      persistence

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks