General
-
Target
64cb280711db0137dc6da7f2cd71745f94ada56d890c6326f07f1b36eee36e07
-
Size
6.7MB
-
Sample
240410-nnb8paea79
-
MD5
185a05aefc21ed3f07716a01871e2c5a
-
SHA1
2e706b6810c21605fbb4b6c32dbdb1e5c1c28f0a
-
SHA256
64cb280711db0137dc6da7f2cd71745f94ada56d890c6326f07f1b36eee36e07
-
SHA512
458307a3b8f9ecd0bcae80582051835f5b263690d28bc85d4b228b1de7a3cb8146af9e7c139201146a1585a0d11531ef8a4534d00e1517406d8b19ecd835a7d9
-
SSDEEP
98304:Wrbq9XeGw2WuPDwTTOzAElMLmZ7oo8kTApKGaRqc4O1XujlqHRARZ:WrbcZpPDsTTLmxoQT7RRq4ujlzRZ
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
-
-
Target
64cb280711db0137dc6da7f2cd71745f94ada56d890c6326f07f1b36eee36e07
-
Size
6.7MB
-
MD5
185a05aefc21ed3f07716a01871e2c5a
-
SHA1
2e706b6810c21605fbb4b6c32dbdb1e5c1c28f0a
-
SHA256
64cb280711db0137dc6da7f2cd71745f94ada56d890c6326f07f1b36eee36e07
-
SHA512
458307a3b8f9ecd0bcae80582051835f5b263690d28bc85d4b228b1de7a3cb8146af9e7c139201146a1585a0d11531ef8a4534d00e1517406d8b19ecd835a7d9
-
SSDEEP
98304:Wrbq9XeGw2WuPDwTTOzAElMLmZ7oo8kTApKGaRqc4O1XujlqHRARZ:WrbcZpPDsTTLmxoQT7RRq4ujlzRZ
Score10/10-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Modifies file permissions
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-