General

  • Target: AnyDeskSetup_26b30163.msi
  • Size: 11.0MB
  • Sample: 230124-rye9wacb59
  • MD5: c4e9e9a06001c6197de2ea2fec3d2214
  • SHA1: 369006350f6b4c43c7f51a90deb5e73a20156b55
  • SHA256: e4edb4cc8f35c7bab6e89774a279593d492714fce9865e53879f87d3704ad96c
  • SHA512: 00008fd26c3047afbbc73fc19d20700861e9501b1c9509b7abcfd218a814a2b0aa24fa934338942aee809ca53240b539e77f6d91013cae0eee076282e4047156
  • SSDEEP: 196608:6e9dQDU9N3glGcBo/6xDD7yLEY2sNd0nOn1q1eUD9p8b3lWG7uCMkCA:N8g91gGcBD7yLfmz1rGYG6CMi

Score
10/10

Malware Config

Targets

    • TA505

      Cybercrime group active since 2015, responsible for families like Dridex and Locky.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks