6d335ee4ecfb270693e6054e9cd7d0cbdb4c4735d1a3229f059226a9fbd60a5a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AnyDesk (4).exe
Size

1.4MB
Sample

240125-gqf64ahfh9
MD5

055fc495cd42cf445abf2f8fd99f2e4d
SHA1

81f2bb25d57894f6a87bfcbf1c885ca0881e1578
SHA256

6d335ee4ecfb270693e6054e9cd7d0cbdb4c4735d1a3229f059226a9fbd60a5a
SHA512

ccfccce7ad1e227e724cfd53438c2b91a5b961476d38f72797e016ea65f6f542e9b8eaa53d1bad03a2d6f3250f81763654b2fef2ac45c5bc63e0f1ecd0c4bdd2
SSDEEP

24576:MoOqKw+chJgYOggDK10pvogD5Iw/xqVeUuBwkDvWnOQVj+FYeZIJxIPiPNQwfI/:MoODcjlcj9IwIVB5k7Wn5i/mJKkpQ

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  AnyDesk (4).exe
- Size
  
  1.4MB
- MD5
  
  055fc495cd42cf445abf2f8fd99f2e4d
- SHA1
  
  81f2bb25d57894f6a87bfcbf1c885ca0881e1578
- SHA256
  
  6d335ee4ecfb270693e6054e9cd7d0cbdb4c4735d1a3229f059226a9fbd60a5a
- SHA512
  
  ccfccce7ad1e227e724cfd53438c2b91a5b961476d38f72797e016ea65f6f542e9b8eaa53d1bad03a2d6f3250f81763654b2fef2ac45c5bc63e0f1ecd0c4bdd2
- SSDEEP
  
  24576:MoOqKw+chJgYOggDK10pvogD5Iw/xqVeUuBwkDvWnOQVj+FYeZIJxIPiPNQwfI/:MoODcjlcj9IwIVB5k7Wn5i/mJKkpQ
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2