General
Target: AnyDesk_x64x32.zip
Size: 8.1MB
Sample: 221130-vq913acf9w
MD5: 11f60048e753528d160964f2a9f627e9
SHA1: c0ab9eabdf5c55ee0bc4f527a09deac10642de86
SHA256: 7f874e1018fb27609df79be210c6b4345246dd3559577afc56c561879da1dd4b
SHA512: 0f9ffe2b3964d4b319c7a2ce1b88aaa90e3678d3375e67c3b87fd6fa25f08e9bbe3baced563c872337b807d5d154203632d7b7e27ae7641bd777a49f9d622ad1
SSDEEP: 196608:eR5ArpeWisxTHVeZLp73qU67S9x0O7KpA7t1ZtNs:ez4UWJfS9Z7tNu
Behavioral task: behavioral1
Sample: AnyDesk_x64x32/AnyDesk_x64x32.exe
Resource: win7-20220812-en

Malware Config
Extracted family: vidar
Version: 55.8
Botnet: 1678
C2: https://t.me/paysotr_france
profile_id: 1678
Targets
Target: AnyDesk_x64x32/AnyDesk_x64x32.exe
Size: 745.2MB
MD5: 5956d3d9c0cdd930cf7754cfc194feaf
SHA1: 0ab481033c4d03850c8426a636d9c6d542d3546a
SHA256: 9349e45e03aa3efff2c32e8987dd905ec618f80083e43c9e06f997fe52dfd7c7
SHA512: 31b2157bb4bdf43948fa700a2720a97f95df4d158a69df14eab334dfc9594dc3f6c29bdccef65dbe7358bcfed129c51c43c3a6b614bfc9d187e18b0475822d8f
SSDEEP: 98304:JQrLZQrLAmaY70kUpqnT/0FH1Bj81K0sFCHnkcCemOU+ltwiSqfqdNZvJbhr4H:JULZULAQ7ZTr0FH1BAoFOZPfq/S

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext