General
-
Target
b32f96217e69b983264075a884c789bbb59b04995f5468c2c6a54d9385d13a80
-
Size
6.7MB
-
Sample
240410-qwbm8she53
-
MD5
2b6ad7f446fe56f8bb5438a4784afe78
-
SHA1
15f5584e569668013548b2f27a417a6482c9317f
-
SHA256
b32f96217e69b983264075a884c789bbb59b04995f5468c2c6a54d9385d13a80
-
SHA512
160537e84ecc2694b514482b95dd70c03abc4580de2cd6f2ae38d332bf4446cbbf9a66676be87a8f4ca25b68be5533342af1d6ebde33577a0aff6a3004800bee
-
SSDEEP
98304:gOOles66ycm4i+stzTTOzAElMLmZ7oo8kTApKGaRqc4O1XujlqEBLMkqzEoe:Ns6cizZTTLmxoQT7RRq4ujlBBTqz3
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
-
-
Target
b32f96217e69b983264075a884c789bbb59b04995f5468c2c6a54d9385d13a80
-
Size
6.7MB
-
MD5
2b6ad7f446fe56f8bb5438a4784afe78
-
SHA1
15f5584e569668013548b2f27a417a6482c9317f
-
SHA256
b32f96217e69b983264075a884c789bbb59b04995f5468c2c6a54d9385d13a80
-
SHA512
160537e84ecc2694b514482b95dd70c03abc4580de2cd6f2ae38d332bf4446cbbf9a66676be87a8f4ca25b68be5533342af1d6ebde33577a0aff6a3004800bee
-
SSDEEP
98304:gOOles66ycm4i+stzTTOzAElMLmZ7oo8kTApKGaRqc4O1XujlqEBLMkqzEoe:Ns6cizZTTLmxoQT7RRq4ujlBBTqz3
Score10/10-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Modifies file permissions
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-