General
Target: AnyDesk.zip
Size: 5.2MB
Sample: 221014-l3s4msaddl
MD5: 3d172848ceb6b8464948e97e50655fa7
SHA1: 6d402377c5cc98819e8d0e4dbcf511703cccb7d8
SHA256: b308ef119eeb47eccbe6c31004f34f68e1816e8d5f37785568f634f28f1fea78
SHA512: 702c0a291d28d9bad0debe1999291d4044ed1db29131044a3862a512f183efc7a0d8112e089508bab46ba54c1347e441b7b5dfe2bd564a4800e5574b3dfa2e66
SSDEEP: 98304:6OlsVrxlZxgG19hXMhw1VhTJ97dcVHV3fj8aR2Wz5KDDZKcM:6usVlrFVddcVHNNR2W45bM
Static task: static1
Behavioral task: behavioral1
Sample: AnyDesk/AnyDesk.exe
Resource: win7-20220901-en
Malware Config
Extracted family: vidar
Version: 55
Profile: 1340
C2:
https://t.me/truewallets
https://mas.to/@zara99
http://116.203.10.3:80
profile_id: 1340

The Telegram and Mastodon entries follow the dead-drop pattern Vidar uses: the public profile text holds the address of the live C2, so the IP above can be rotated without touching the binary. Block and hunt on the profile URLs as well as the IP, and treat the IP as current only for the date of this analysis.
Targets
Target: AnyDesk/AnyDesk.exe
Size: 700.0MB
MD5: fd63fa7df8db3392b0200021f20bfea0
SHA1: d1a39db7ed2d9ab3b49a91b94481dd7a4d4cc2aa
SHA256: 5861d5cc8e59860c0e0d54a78ee3ae6e0f2c25cbea56aee62443129c546ea033
SHA512: ee4a0d4c5265ed5af24942aefb635596a3de7c961553aa129346d411bbcf1fd3595c75fedaaa8dd5d64f5be984a9cdf25c7564a7c7b0f3d9d169498027cbb385
SSDEEP: 98304:3y8sus1dhVMv8tDXvT19ncjZj3djEeZeOdfmZ/vl1:3yTJD7ncjZzBZeOYFl1

A 700 MB executable that fits in a 5.2 MB archive is inflated: the real PE image is followed by a large run of highly compressible padding, a common trick to push the file past antivirus and sandbox upload size limits. Strip the padding before hashing, scanning or resubmitting the actual payload.
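The size check described above, as an added example that is not part of the tria.ge report and not Vidar code. It hashes a sample, measures how well it compresses, finds a trailing single-byte padding run, and strips it; the thresholds, the synthetic sample and the dropper layout (an MZ marker, pseudo-random bytes standing in for code, then zeros) are assumptions made for illustration.

```python
"""Spot an inflated sample: an executable padded with compressible junk so
that it weighs hundreds of megabytes on disk but only a few in an archive.

Added example for this report; it is not tria.ge code and not Vidar code.
Thresholds, the synthetic sample and the dropper layout are assumptions.
"""
import hashlib
import random
import zlib


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, to compare with a report's hash block."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def compression_ratio(data: bytes) -> float:
    """Compressed size over raw size. Real code and packed data stay near 1.0;
    long runs of one byte value shrink to almost nothing."""
    if not data:
        return 1.0
    return len(zlib.compress(data, 6)) / len(data)


def trailing_run_length(data: bytes) -> int:
    """Length of the run of one repeated byte value at the end of the file,
    the usual shape of padding appended after the real PE image."""
    if not data:
        return 0
    return len(data) - len(data.rstrip(data[-1:]))


def looks_inflated(data: bytes, max_ratio: float = 0.05, min_pad: int = 1 << 20) -> bool:
    """Flag the sample if it compresses below 5% of its size or ends in at
    least 1 MiB of a single byte value. Both thresholds are assumptions."""
    return compression_ratio(data) < max_ratio or trailing_run_length(data) >= min_pad


def strip_padding(data: bytes) -> bytes:
    """Drop the trailing single-byte run so the real payload can be hashed,
    scanned and submitted at its true size. Unchanged if nothing trails."""
    return data[: len(data) - trailing_run_length(data)]


def build_synthetic_sample(code_size: int = 64 * 1024, pad_size: int = 4 * 1024 * 1024) -> bytes:
    """Constructed stand-in for a padded dropper: an MZ marker, 64 KiB of
    seeded pseudo-random bytes standing in for code, then 4 MiB of zeros.
    Deterministic so the result is reproducible; not a real executable."""
    rng = random.Random(1337)
    code = bytes(rng.getrandbits(8) for _ in range(code_size))
    # Force a non-zero final code byte so the padding boundary is unambiguous.
    code = code[:-1] + b"\xc3"
    return b"MZ" + code + b"\x00" * pad_size


if __name__ == "__main__":
    sample = build_synthetic_sample()
    print(f"size={len(sample)} ratio={compression_ratio(sample):.4f} "
          f"trailing_pad={trailing_run_length(sample)} inflated={looks_inflated(sample)}")
    print("payload sha256:", hashes(strip_padding(sample))["sha256"])
```

Run it against a real sample by replacing the synthetic bytes with `open(path, "rb").read()`. The compression ratio catches padding that is interleaved or not a single byte value; the trailing-run check is what lets you cut it off cleanly. Hash both the full file (to match the report) and the stripped payload (to match other reports of the same core binary).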
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets
  Possible credential harvesting.
- Checks installed software on the system
  Enumerates Uninstall key entries in the registry to list the software installed on the system.
- Suspicious use of SetThreadContext
  Typical of code injection that writes a payload into a suspended process and redirects its entry point (process hollowing); on its own it is not proof, but combined with the behaviours above it is a strong indicator.
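The three registry and file behaviours above, turned into detection logic over constructed events, as an added example that is neither tria.ge's signature engine nor Vidar code. The registry value used for the country-code lookup, the wallet locations, the simplified event shape and the sample events are assumptions chosen for illustration.

```python
"""Score process activity against the behaviours the report lists: the
registry geofence lookup, Uninstall-key enumeration and wallet file access.

Added example for this report; not tria.ge's signature engine and not Vidar
code. The registry paths, wallet locations, event format and the sample
events are assumptions made for illustration.
"""
import re

# One regex per behaviour. Assumed locations: the Geo\Nation value is where
# Windows stores the configured country code; the wallet paths are a small
# set of common client stores. Extend both for your own environment.
RULES = {
    "geofence_check": re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    "software_enum": re.compile(
        r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I),
    "wallet_access": re.compile(
        r"\\(Electrum\\wallets|Exodus\\exodus\.wallet|Ethereum\\keystore|Bitcoin\\wallet\.dat)", re.I),
}

# Constructed registry/file events in a simplified shape (pid, operation, path).
# pid 2216 behaves like the sample; pid 4108 is an ordinary program that only
# reads one Uninstall entry, to show a single hit is not enough on its own.
EVENTS = [
    {"pid": 2216, "op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 2216, "op": "RegEnumKey", "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 2216, "op": "CreateFile", "path": r"C:\Users\admin\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 2216, "op": "CreateFile", "path": r"C:\Users\admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4108, "op": "RegQueryValue", "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"pid": 4108, "op": "CreateFile", "path": r"C:\Users\admin\Documents\report.docx"},
]


def classify_event(event: dict) -> list:
    """Names of every rule whose pattern matches the event's path."""
    return [name for name, pat in RULES.items() if pat.search(event["path"])]


def triage(events: list) -> dict:
    """Collect the distinct behaviours seen per process, sorted for stable output.
    Processes with no hits are left out."""
    per_pid = {}
    for ev in events:
        per_pid.setdefault(ev["pid"], set()).update(classify_event(ev))
    return {pid: sorted(hits) for pid, hits in per_pid.items() if hits}


def verdict(hits: list, threshold: int = 2) -> str:
    """Wallet access alone is a strong signal; otherwise require two distinct
    behaviours, since installers and inventory agents also read Uninstall
    keys. The threshold is an assumption."""
    if "wallet_access" in hits or len(hits) >= threshold:
        return "stealer-like"
    return "inconclusive"


if __name__ == "__main__":
    for pid, hits in triage(EVENTS).items():
        print(pid, verdict(hits), hits)
```

Feed it real events by mapping your EDR or Sysmon registry and file records onto the (pid, op, path) shape. Keying on the process rather than on single events is what keeps the Uninstall-key rule from firing on every installer; the geofence lookup and wallet reads are what distinguish a stealer from software inventory.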