General

  • Target

    AnyDesk.iso

  • Size

    319.7MB

  • Sample

    221215-xs7ptsgb2x

  • MD5

    0c6ac8051100eb3495f7dc387fc6b48f

  • SHA1

    8cb480758127acc56c5a7eea4cd2b0ad0db57747

  • SHA256

    9a9865c54433fd63e798d13aef8f780c534bca0950800bdae18cb7a7549d738c

  • SHA512

    1746933af231639482c50bb8e095f7998264546e2a38a31a4743c6b82e5fbfb5a4e647d7de454dfb2c4cf7c7d192d29aa711a459011707ada48315efd54051f8

  • SSDEEP

    12288:fp1W1lO/xCOQ6bIdHcZ86Zu01bB9dD0QZAlp8JjH4pMGD+hklt+/ChwE3n:fpSlyQdAIdHc11Bnwzlp3pMqtgI3n

Malware Config

Targets

    • Target

      AnyDesk.exe

    • Size

      319.2MB

    • MD5

      09ab4f1d10bd4fc4943dcf8d6b775675

    • SHA1

      342143ccfb30b0709e09041658929a8f550bb567

    • SHA256

      26869073aeaf75d56a64b8ee73ae3ebe4d559e944f8d050296ed8d05507e892c

    • SHA512

      6d28484e9b1ea256f9753a3b7e31aec8236318c7a4c892bf5c6eb9a26ce187dce39fb039776a58c2601aba6210d1bcd8fd9d3b6bd1336d246541eadec7848aed

    • SSDEEP

      12288:Dp1W1lO/xCOQ6bIdHcZ86Zu01bB9dD0QZAlp8JjH4pMGD+hklt+/ChwE3n:DpSlyQdAIdHc11Bnwzlp3pMqtgI3n

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 3

  • Collection

    Data from Local System (T1005): 3

Tasks