Overview

overview

10

Static

static

3

b0c3c2a059...c2.exe

windows7-x64

10

b0c3c2a059...c2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0c3c2a0596614eeb982676f23b2b3c2

  • Size

    4.2MB

  • Sample

    231222-q7c1fadbhk

  • MD5

    b0c3c2a0596614eeb982676f23b2b3c2

  • SHA1

    4fd90dccbb3d603c522b5a3ed172004131f45413

  • SHA256

    c2add78326f26be631d5cf21ff3ca5e5393b090adb1dc7b11a14f29a00818ac2

  • SHA512

    3a5cb95b6ed274debd2ec711f58d1ae647b8725aa86c63b8181accc48bc26cb2311ca62cd5dabc0906c3daf4866cb861fae6ff1e054f2ad94b237bc5d7391a44

  • SSDEEP

    98304:KI6X9OmbHlT6U1FGbJqj2OCuaIGbFAUqxdijH8tk8vp8K:jmbN6kEJqjGu7iFoxk8+

Score
10/10
servhelperbackdoordiscoveryexploitpersistencetrojan

Malware Config

Targets

    • Target

      b0c3c2a0596614eeb982676f23b2b3c2

    • Size

      4.2MB

    • MD5

      b0c3c2a0596614eeb982676f23b2b3c2

    • SHA1

      4fd90dccbb3d603c522b5a3ed172004131f45413

    • SHA256

      c2add78326f26be631d5cf21ff3ca5e5393b090adb1dc7b11a14f29a00818ac2

    • SHA512

      3a5cb95b6ed274debd2ec711f58d1ae647b8725aa86c63b8181accc48bc26cb2311ca62cd5dabc0906c3daf4866cb861fae6ff1e054f2ad94b237bc5d7391a44

    • SSDEEP

      98304:KI6X9OmbHlT6U1FGbJqj2OCuaIGbFAUqxdijH8tk8vp8K:jmbN6kEJqjGu7iFoxk8+

    Score
    10/10
    servhelperbackdoordiscoveryexploitpersistencetrojan

    • ServHelper

      ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

      trojanbackdoorservhelper

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies RDP port number used by Windows

    • Possible privilege escalation attempt

      exploit

    • Sets DLL path for service in the registry

      persistence

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks