General
-
Target
bfe0ac25eeeb759f7c8e06229c7313a2
-
Size
5.9MB
-
Sample
240311-fc7w8acc38
-
MD5
bfe0ac25eeeb759f7c8e06229c7313a2
-
SHA1
199c1fbd29f9ec98b83464763dac63ef80998bb3
-
SHA256
be9c5e5ce6d4544e6bddbd47c26873fe0c33414086824b1d4968a638184a8a7c
-
SHA512
a0f3b477de1603d7e032608692857a4865059ba61ae1276334f281970a1484a6c81463fba2a2bbc9821c016e06e206d621fdb97e8743fc60e3515fba88997a72
-
SSDEEP
49152:tvGIuxrb/TkvO90dL3BmAFd4A64nsfJ1XU59mMJETIR1iVhYOxbJBKqKhmYYMNn9:tvGfXdmAQQQQQQQQQQQQQ
Static task
static1
Behavioral task
behavioral1
Sample
bfe0ac25eeeb759f7c8e06229c7313a2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bfe0ac25eeeb759f7c8e06229c7313a2.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
-
-
Target
bfe0ac25eeeb759f7c8e06229c7313a2
-
Size
5.9MB
-
MD5
bfe0ac25eeeb759f7c8e06229c7313a2
-
SHA1
199c1fbd29f9ec98b83464763dac63ef80998bb3
-
SHA256
be9c5e5ce6d4544e6bddbd47c26873fe0c33414086824b1d4968a638184a8a7c
-
SHA512
a0f3b477de1603d7e032608692857a4865059ba61ae1276334f281970a1484a6c81463fba2a2bbc9821c016e06e206d621fdb97e8743fc60e3515fba88997a72
-
SSDEEP
49152:tvGIuxrb/TkvO90dL3BmAFd4A64nsfJ1XU59mMJETIR1iVhYOxbJBKqKhmYYMNn9:tvGfXdmAQQQQQQQQQQQQQ
-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Modifies file permissions
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-