General
-
Target
AnyDesk - Cracked.zip
-
Size
7.0MB
-
Sample
230315-dtcfjabc34
-
MD5
f5d5e48549431fe68d167af688e5f44b
-
SHA1
60d5e2914ba7bf1243901a847ef71a3e122dd333
-
SHA256
8fcbaee50d85f1f796cc34a6d5667c43ad62eb6eea04c03b2ce7a77387572df7
-
SHA512
eb21eeb0b39ee8822738ddb30e698ddf40303ad408562b1d9755ce776d9a5210e7bd295d7e1b72843893728b44ac64b1c4aa524da3bca992bb0b76371d30cc75
-
SSDEEP
196608:Yk1pC43yeENv89wLDzEs8nc9h4Da/cd5AxC7:z5NXG/z79d04xC7
Behavioral task
behavioral1
Sample
AnyDesk - Cracked/AnyDesk.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
AnyDesk - Cracked/AnyDesk.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
AnyDesk - Cracked/anydesk.dll
Resource
win7-20230220-en
Malware Config
Targets
-
Target
AnyDesk - Cracked/AnyDesk.exe
-
Size
3.7MB
-
MD5
d56f4291404ec49622cac8e5604aaaa0
-
SHA1
ae4886650fff7ad8f8340112911a225d47703cc8
-
SHA256
2f4c254fc9778ab6a12483f21f9c8e69fe2d5ec2a06414da4f771ea14268878a
-
SHA512
594f7604678c8519054467f01749732ca465d76ae92d3747e192df26c0203da9491f3a1e06f854d009dead86e5957162ce33982df0405947044357d3f1c64424
-
SSDEEP
98304:WW0Ughn1zD8gmJUikb59sFaZw3abaqt8+Uen/xI:WWBCn5D8gmJUrvsFaZw3HsJI
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Target
AnyDesk - Cracked/anydesk.dll
-
Size
3.3MB
-
MD5
66fa7283415aca195aab3a58fdef86cb
-
SHA1
da517a5bc62b74e4349c6ac4ab045c71b1a1562e
-
SHA256
8a705987075d93bbd2a7fb0e6044947507926623f45e8d8092ca2e6f67f5ce7d
-
SHA512
7a386704075ccc1f49e4771816de8ca6a9f2da4bb4668cf4c9f0ef82672eda9302345b72b5244639d8ab2712293a1792d5a862509b174256d5cb458ad0d7115f
-
SSDEEP
98304:kz56hxk5wcilIEJ0ZOZGtzLdJiYw18hgJ1KQ0gohl:o6hq5elTwOZGRlTqP0gi
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.