Resubmissions

  • 11/04/2023, 21:46: 230411-1myfraff44 (score 8)

  • 07/04/2023, 13:09: 230407-qd79gsba8w (score 8)

  • 14/02/2023, 11:29: 230214-nlmxeacd2y (score 8)

General

  • Target

    Anydesk.msi

  • Size

    113.2MB

  • Sample

    230411-1myfraff44

  • MD5

    b893e3c1625b6588df8b6a296b035f6a

  • SHA1

    b5ecbf7e5717a199234952fb0dc09b721a7d0412

  • SHA256

    2e65cfebde138e4dd816d3e8b8105e796c4eb38cfa27015938c0445ee5be8331

  • SHA512

    91fe37241626c0e5c3b02d43ac150635f8d39683d715c24683a09d1c11661de96ac597e67e018d4b5a045f1b5b7da75a6024494ed29d00e5e7ecf0b7e310d20d

  • SSDEEP

    3145728:QVS3Qdn9aBPhZJPgpAR8pDZCy0KHyzsTI3:z3Qd9anZJP/R87C5Qms0

Score
8/10

Targets

    • Target

      Anydesk.msi

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
