General
Target: AnyDesk (1).exe
Size: 10.4MB
Sample: 240412-x5dmhsdd22
MD5: 3d0c8333743f1383c30efe4bf72b349a
SHA1: cc2c6999033e3f3bc3b784bf5fddea7a0a7128ad
SHA256: 0fa68ef04b82ff7bee4f0ec2aeb6d9df5d395b9fb06cf3cc2b014b0a1843733c
SHA512: 6d82f820ffad2961dd81596616d03cd582826ceb8d969a3d5b2a22e83015ba1cbbf37ab40c05484e5f76608bce89b0392d180a9758c68466d02f9329f35d758e
SSDEEP: 196608:WTTkZL7FO5lyn5dTwRy8TASmLwzHjhceQbbqNzMUKmi:Wsh+y572Hh9QbbeMUDi
Behavioral task: behavioral1
Sample: AnyDesk (1).exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: AnyDesk (1).exe
Score: 7/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops desktop.ini file(s)
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory