55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

AnyDesk.exe

windows10-2004-x64

7

AnyDesk.exe

macos-10.15-amd64

4

Sharing

General

Target

AnyDesk.exe
Size

5.0MB
Sample

240218-ab3m8acd59
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

7^/10

discovery evasion execution macos persistence themida upx

Static task

static1

Behavioral task

behavioral1

Sample

AnyDesk.exe

Resource

win10v2004-20231215-en

discovery persistence themida upx

windows10-2004-x64

31 signatures

1800 seconds

Behavioral task

behavioral2

Sample

AnyDesk.exe

Resource

macos-20240214-en

evasion execution

macos-10.15-amd64

2 signatures

1800 seconds

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  5.0MB
- MD5
  
  a21768190f3b9feae33aaef660cb7a83
- SHA1
  
  24780657328783ef50ae0964b23288e68841a421
- SHA256
  
  55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
- SHA512
  
  ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
- SSDEEP
  
  98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x
Score

7^/10

discovery persistence themida upx evasion execution
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Launchctl

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Resource Forking

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencethemidaupx

behavioral2

evasionexecution

© 2018-2025

Terms | Privacy