Overview

overview

10

Static

static

3

44d42138d6...18.exe

windows7-x64

10

44d42138d6...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44d42138d67d0e52c3c26cb726bc8f39_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240330-1f571sfa91

  • MD5

    44d42138d67d0e52c3c26cb726bc8f39

  • SHA1

    2613e0e464b334ed66e34a8cffc174c5603dd1d9

  • SHA256

    074d3a0bcfb3d4b0b179a2495004fb95947de60ce002fded7af1d1781add9d2b

  • SHA512

    9d59b4dfb96bbe5b59f1b5c0561dafd8fe3f2fb1ababf4e7a384577ddf63adb703802187e7a7bfd671c4fd67e84214bb2b3283edae85e0f2a424148d9e0be1fa

  • SSDEEP

    98304:5RDQNYpuboTrhHZw1LhIArXs7YL8WVM872qAR:5RePbo3tZw17s7YQWg

Score
10/10
servhelperbackdoordiscoveryexploitpersistencetrojan

Malware Config

Targets

    • Target

      44d42138d67d0e52c3c26cb726bc8f39_JaffaCakes118

    • Size

      4.2MB

    • MD5

      44d42138d67d0e52c3c26cb726bc8f39

    • SHA1

      2613e0e464b334ed66e34a8cffc174c5603dd1d9

    • SHA256

      074d3a0bcfb3d4b0b179a2495004fb95947de60ce002fded7af1d1781add9d2b

    • SHA512

      9d59b4dfb96bbe5b59f1b5c0561dafd8fe3f2fb1ababf4e7a384577ddf63adb703802187e7a7bfd671c4fd67e84214bb2b3283edae85e0f2a424148d9e0be1fa

    • SSDEEP

      98304:5RDQNYpuboTrhHZw1LhIArXs7YL8WVM872qAR:5RePbo3tZw17s7YQWg

    Score
    10/10
    servhelperbackdoordiscoveryexploitpersistencetrojan

    • ServHelper

      ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

      trojanbackdoorservhelper

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies RDP port number used by Windows

    • Possible privilege escalation attempt

      exploit

    • Sets DLL path for service in the registry

      persistence

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks