General

  • Target

    AnyDesk.exe

  • Size

    5.0MB

  • Sample

    240217-3tnw1abg81

  • MD5

    a21768190f3b9feae33aaef660cb7a83

  • SHA1

    24780657328783ef50ae0964b23288e68841a421

  • SHA256

    55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

  • SHA512

    ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62

  • SSDEEP

    98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Malware Config

Targets

    • Target

      AnyDesk.exe

    • Size

      5.0MB

    • MD5

      a21768190f3b9feae33aaef660cb7a83

    • SHA1

      24780657328783ef50ae0964b23288e68841a421

    • SHA256

      55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

    • SHA512

      ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62

    • SSDEEP

      98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

    • InfinityLock Ransomware

      Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Downloads MZ/PE file

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks