8fcbaee50d85f1f796cc34a6d5667c43ad62eb6eea04c03b2ce7a77387572df7 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

AnyDesk - ...sk.exe

windows7-x64

9

AnyDesk - ...sk.exe

windows10-2004-x64

9

AnyDesk - ...sk.dll

windows7-x64

9

AnyDesk - ...sk.dll

windows10-2004-x64

9

Sharing

General

Target

AnyDesk - Cracked.zip
Size

7.0MB
Sample

230315-dtcfjabc34
MD5

f5d5e48549431fe68d167af688e5f44b
SHA1

60d5e2914ba7bf1243901a847ef71a3e122dd333
SHA256

8fcbaee50d85f1f796cc34a6d5667c43ad62eb6eea04c03b2ce7a77387572df7
SHA512

eb21eeb0b39ee8822738ddb30e698ddf40303ad408562b1d9755ce776d9a5210e7bd295d7e1b72843893728b44ac64b1c4aa524da3bca992bb0b76371d30cc75
SSDEEP

196608:Yk1pC43yeENv89wLDzEs8nc9h4Da/cd5AxC7:z5NXG/z79d04xC7

Score

9^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

AnyDesk - Cracked/AnyDesk.exe

Resource

win7-20230220-en

evasion themida trojan

windows7-x64

11 signatures

600 seconds

Behavioral task

behavioral2

Sample

AnyDesk - Cracked/AnyDesk.exe

Resource

win10v2004-20230220-en

evasion themida trojan

windows10-2004-x64

11 signatures

600 seconds

Behavioral task

behavioral3

Sample

AnyDesk - Cracked/anydesk.dll

Resource

win7-20230220-en

evasion themida trojan

windows7-x64

5 signatures

600 seconds

Behavioral task

behavioral4

Sample

AnyDesk - Cracked/anydesk.dll

Resource

win10v2004-20230220-en

evasion themida trojan

windows10-2004-x64

5 signatures

600 seconds

Malware Config

Targets

- Target
  
  AnyDesk - Cracked/AnyDesk.exe
- Size
  
  3.7MB
- MD5
  
  d56f4291404ec49622cac8e5604aaaa0
- SHA1
  
  ae4886650fff7ad8f8340112911a225d47703cc8
- SHA256
  
  2f4c254fc9778ab6a12483f21f9c8e69fe2d5ec2a06414da4f771ea14268878a
- SHA512
  
  594f7604678c8519054467f01749732ca465d76ae92d3747e192df26c0203da9491f3a1e06f854d009dead86e5957162ce33982df0405947044357d3f1c64424
- SSDEEP
  
  98304:WW0Ughn1zD8gmJUikb59sFaZw3abaqt8+Uen/xI:WWBCn5D8gmJUrvsFaZw3HsJI
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  AnyDesk - Cracked/anydesk.dll
- Size
  
  3.3MB
- MD5
  
  66fa7283415aca195aab3a58fdef86cb
- SHA1
  
  da517a5bc62b74e4349c6ac4ab045c71b1a1562e
- SHA256
  
  8a705987075d93bbd2a7fb0e6044947507926623f45e8d8092ca2e6f67f5ce7d
- SHA512
  
  7a386704075ccc1f49e4771816de8ca6a9f2da4bb4668cf4c9f0ef82672eda9302345b72b5244639d8ab2712293a1792d5a862509b174256d5cb458ad0d7115f
- SSDEEP
  
  98304:kz56hxk5wcilIEJ0ZOZGtzLdJiYw18hgJ1KQ0gohl:o6hq5elTwOZGRlTqP0gi
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

evasionthemidatrojan

behavioral4

evasionthemidatrojan

© 2018-2024

Terms | Privacy