General

  • Target

    AnyDesk (1).exe

  • Size

    3.8MB

  • Sample

    230115-xrvzmsef3x

  • MD5

    fe61cd9e702ec1208c13350c00f0732c

  • SHA1

    379520c1ad0541d5a30f214e15b7c8bff6766f9f

  • SHA256

    580f6a285c6c3b7238bd16e1aeb62a077ae44b5061a2162e9fd6383af59028bb

  • SHA512

    504e581026719b31555f0131bbaf9d5655c8955d9382cc53688873295d393028987032bdfccef09cf42e16ea51f8f8bf91543585b2754d5827d7b29325540cab

  • SSDEEP

    98304:RSExf+1CnXTxQ9LDj6eblG+L9nDHPdQod:RScf+8nXdQvPtL97dPd

Score
10/10

Targets

    • Target

      AnyDesk (1).exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in System32 directory
