Overview

overview

10

Static

static

3

cfde117b17...06.exe

windows7-x64

10

cfde117b17...06.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfde117b17c27f85169ad02256991c06

  • Size

    4.1MB

  • Sample

    231222-saya8aedcm

  • MD5

    cfde117b17c27f85169ad02256991c06

  • SHA1

    407b79248177f34d215c8ac56dc2e4f6ad2b2c54

  • SHA256

    93da2c13d3708853fd6230ac659a4cbbe26593aa0f335ad3e62b262ac6876e62

  • SHA512

    69d141e37fbf65d21b16cf81a5cac8d71b8ad746fc0c081578e552f004174ee99cfdf45b14511c6909f8b208f2a44176f284653071bb42553f301a9097b7fc54

  • SSDEEP

    98304:LV5gByop3bAU4jgGgnbnB4/7mN/naip6NOrxzfc0Nmm7pFRt:Lu9rEjhCB4jI4Kmm7xt

Score
10/10
servhelperbackdoordiscoveryexploitpersistencetrojan

Malware Config

Targets

    • Target

      cfde117b17c27f85169ad02256991c06

    • Size

      4.1MB

    • MD5

      cfde117b17c27f85169ad02256991c06

    • SHA1

      407b79248177f34d215c8ac56dc2e4f6ad2b2c54

    • SHA256

      93da2c13d3708853fd6230ac659a4cbbe26593aa0f335ad3e62b262ac6876e62

    • SHA512

      69d141e37fbf65d21b16cf81a5cac8d71b8ad746fc0c081578e552f004174ee99cfdf45b14511c6909f8b208f2a44176f284653071bb42553f301a9097b7fc54

    • SSDEEP

      98304:LV5gByop3bAU4jgGgnbnB4/7mN/naip6NOrxzfc0Nmm7pFRt:Lu9rEjhCB4jI4Kmm7xt

    Score
    10/10
    servhelperbackdoordiscoveryexploitpersistencetrojan

    • ServHelper

      ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

      trojanbackdoorservhelper

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies RDP port number used by Windows

    • Possible privilege escalation attempt

      exploit

    • Sets DLL path for service in the registry

      persistence

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks