General
Target: Anydesk.exe
Size: 3.9MB
Sample: 230130-wwp4hsbe24
MD5: c30a168ae9c4e3980b7091b3709b1b59
SHA1: 2f09434670080fde17283c8a07a493d3ad9aa074
SHA256: 8a08c5c435d4504bc57a6ad63b49f8b33d05ba06cf2a73941fde6e3f65988e45
SHA512: 777cbd97c84c0ee354f238b09fa5c349c5389f06436d698f0c04e51b4cf30d5f73eb90d32b604de27a5565684be4b98d703f833d1ac27df3a69cb0ef40dfaefb
SSDEEP: 98304:4ysHc8EnmSWgex5brdsC0hLR8foTFVnkZxyTZXxH:4ysHH4HnOuCCLRAoHGyTZXxH
Behavioral task: behavioral1
Sample: Anydesk.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Anydesk.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: Anydesk.exe
Score: 10/10
- StormKitty payload
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.