General

  • Target

    AnyDesk (1).exe

  • Size

    10.4MB

  • Sample

    240412-x5dmhsdd22

  • MD5

    3d0c8333743f1383c30efe4bf72b349a

  • SHA1

    cc2c6999033e3f3bc3b784bf5fddea7a0a7128ad

  • SHA256

    0fa68ef04b82ff7bee4f0ec2aeb6d9df5d395b9fb06cf3cc2b014b0a1843733c

  • SHA512

    6d82f820ffad2961dd81596616d03cd582826ceb8d969a3d5b2a22e83015ba1cbbf37ab40c05484e5f76608bce89b0392d180a9758c68466d02f9329f35d758e

  • SSDEEP

    196608:WTTkZL7FO5lyn5dTwRy8TASmLwzHjhceQbbqNzMUKmi:Wsh+y572Hh9QbbeMUDi

Score
7/10

Malware Config

Targets

    • Target

      AnyDesk (1).exe

    • Size

      10.4MB

    • MD5

      3d0c8333743f1383c30efe4bf72b349a

    • SHA1

      cc2c6999033e3f3bc3b784bf5fddea7a0a7128ad

    • SHA256

      0fa68ef04b82ff7bee4f0ec2aeb6d9df5d395b9fb06cf3cc2b014b0a1843733c

    • SHA512

      6d82f820ffad2961dd81596616d03cd582826ceb8d969a3d5b2a22e83015ba1cbbf37ab40c05484e5f76608bce89b0392d180a9758c68466d02f9329f35d758e

    • SSDEEP

      196608:WTTkZL7FO5lyn5dTwRy8TASmLwzHjhceQbbqNzMUKmi:Wsh+y572Hh9QbbeMUDi

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks