General
Target: AnyDesk(1).zip
Size: 13.6MB
Sample: 240421-pkkw4abc39
MD5: 9d6c9697bbcda9b9a1deba4ebb9079a7
SHA1: 3cc4e04369f9bbcee033e979418864a83966be88
SHA256: 355b1fbee5360bcffb1b9465b88b63bed3f3e9845b6286bad374b70098850249
SHA512: 57f69ae4671d9bc817ba45eb1fad1786d85f7eeb77f4ff6513b90fbc8c3555beae94b6acd676b2f59536ec0e4b4f6c112281004e7ebc751f889f71bc67555d81
SSDEEP: 393216:o9myVNm835RsbNJsfvLXVxB/NwdXlSordSD+p5o:o7y82jsHLDBGXUoRC+o
Static task: static1
Behavioral task: behavioral1
Sample: AnyDesk(1).exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: AnyDesk(1).exe
Size: 13.7MB
MD5: f1361a01a6b85481f3af6a3b627ecef1
SHA1: 5fbd6e27ca34a780a2914e68838fc43f46deef3d
SHA256: c972e253e3dcd8c871e40e0e3ef2288ba8dfcc65ba7e0d8988d95fe7603170ad
SHA512: 505627f6b196fd74d958302b00113a4097b9b8986bd0b320ea837b22b06819caf1e602ac4e551ecc1ee8c3eef16abe88a1a055984f8b71b0abcc13b4b87d383e
SSDEEP: 196608:P0Mf2FOO3q+SX5y50wHT/3V49S2kJgHRbv13UxvRdbk3UlbbfnfsUxh+yRPB0baR:EaB859lWzHlN3cvdnffsUjXZ0baLI2J
Score: 8/10
Downloads MZ/PE file
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
Checks system information in the registry
    System information is often read in order to detect sandboxing environments.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
    Boot or Logon Autostart Execution: 1
        Registry Run Keys / Startup Folder: 1
Defense Evasion
    Modify Registry: 4
    Subvert Trust Controls: 1
        Install Root Certificate: 1