General
-
Target
4069c013a2ec0c082f78a73719dcabb7
-
Size
5.9MB
-
Sample
240104-krpfmsccgl
-
MD5
4069c013a2ec0c082f78a73719dcabb7
-
SHA1
14d643ed38a6c64c299bc24379b5b66ac958aff6
-
SHA256
2f279b760ab7916b996d451904e1fea41c0f01bae1c80faddf667b8a865d1a0c
-
SHA512
5a5bdfa931a1f9a2b8855e6331669404f332f504f15a5eae7fb6e51f7ac99bbb83f5c986931fadb00c761e81617a47707cff811eb6e2ebf55369cec8f6002f05
-
SSDEEP
49152:pFWJLirb/TkvO90dL3BmAFd4A64nsfJ5mb5KN0ZKrVbLMe8paAzK1X4FXtPqnJ0x:pF8mmMmAQQQQQQQQQQQQQ
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
-
-
Target
4069c013a2ec0c082f78a73719dcabb7
-
Size
5.9MB
-
MD5
4069c013a2ec0c082f78a73719dcabb7
-
SHA1
14d643ed38a6c64c299bc24379b5b66ac958aff6
-
SHA256
2f279b760ab7916b996d451904e1fea41c0f01bae1c80faddf667b8a865d1a0c
-
SHA512
5a5bdfa931a1f9a2b8855e6331669404f332f504f15a5eae7fb6e51f7ac99bbb83f5c986931fadb00c761e81617a47707cff811eb6e2ebf55369cec8f6002f05
-
SSDEEP
49152:pFWJLirb/TkvO90dL3BmAFd4A64nsfJ5mb5KN0ZKrVbLMe8paAzK1X4FXtPqnJ0x:pF8mmMmAQQQQQQQQQQQQQ
Score10/10-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Modifies file permissions
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-