fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18 | Triage

Submit
Reports

Overview

overview

Static

static

1

AnyDesk.exe

windows10-1703-x64

Resubmissions

05-02-2023 19:45

230205-ygsl7sea5t 10

05-02-2023 19:32

230205-x8yf4aae86 10

Sharing

General

Target

AnyDesk.exe
Size

3.8MB
Sample

230205-x8yf4aae86
MD5

e546506082b374a0869bdd97b313fe5d
SHA1

082dc6b336b41788391bad20b26f4b9a1ad724fc
SHA256

fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
SHA512

15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
SSDEEP

98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM

Score

10^/10

discovery evasion spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

AnyDesk.exe

Resource

win10-20220812-es

discovery evasion spyware stealer trojan

windows10-1703-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  3.8MB
- MD5
  
  e546506082b374a0869bdd97b313fe5d
- SHA1
  
  082dc6b336b41788391bad20b26f4b9a1ad724fc
- SHA256
  
  fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
- SHA512
  
  15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
- SSDEEP
  
  98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM
Score

10^/10

discovery evasion spyware stealer trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealertrojan

© 2018-2024

Terms | Privacy