General
-
Target
046f08e500cc9156c4af47a73744ccb060606c77d7a8beb5677aa6ff4d256211
-
Size
5.9MB
-
Sample
240410-lcbrnsde41
-
MD5
f71c575754e1f5890ad8b35afd08b8be
-
SHA1
69803b96f3820fabd81c79d422a1fa2a72ccb699
-
SHA256
046f08e500cc9156c4af47a73744ccb060606c77d7a8beb5677aa6ff4d256211
-
SHA512
32f7fab593c46efe2586825aff79688e4a688735bf950b351fe3bdffc4a9dff01da0b2d4a92acf4d4bd14aac362884bd264beced9e8b82fd3111e8ef8ef31301
-
SSDEEP
49152:1Hjgzprb/TkvO90dL3BmAFd4A64nsfJ9X559RIO3CV7rfM2Zy4oaBqn4BHXVpetO:1H6/X5mAQQQQQQQQQQQQQ
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
-
-
Target
046f08e500cc9156c4af47a73744ccb060606c77d7a8beb5677aa6ff4d256211
-
Size
5.9MB
-
MD5
f71c575754e1f5890ad8b35afd08b8be
-
SHA1
69803b96f3820fabd81c79d422a1fa2a72ccb699
-
SHA256
046f08e500cc9156c4af47a73744ccb060606c77d7a8beb5677aa6ff4d256211
-
SHA512
32f7fab593c46efe2586825aff79688e4a688735bf950b351fe3bdffc4a9dff01da0b2d4a92acf4d4bd14aac362884bd264beced9e8b82fd3111e8ef8ef31301
-
SSDEEP
49152:1Hjgzprb/TkvO90dL3BmAFd4A64nsfJ9X559RIO3CV7rfM2Zy4oaBqn4BHXVpetO:1H6/X5mAQQQQQQQQQQQQQ
Score10/10-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Modifies file permissions
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-