69f92b4ce53a60816df14b7eff0fdda1414d5dfb5978e55626feec4354c61c43 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AnyDesk.zip
Size

15.7MB
Sample

240502-y4heraeh81
MD5

607728060ca8b77d662928804e20517e
SHA1

fe307ef7cd322b113c0f230f2546f40eb51e9090
SHA256

69f92b4ce53a60816df14b7eff0fdda1414d5dfb5978e55626feec4354c61c43
SHA512

a6318f186bc120d96805b6822761b530818e7b794552bd828b21461babda62941ee6f7d225843bf511dbc4b19cf0f90ae3477be8fe52fbefa51558e30a4e55eb
SSDEEP

393216:8mnoDXZ/naojVvuT8MoZKyiWRelx/5CV4zdRKhMQ6AHj:8god/n75Q83KyiWRelx/4CzdRqMT0j

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  16.0MB
- MD5
  
  4c2b2e2cd5ec093259184157ee5286f0
- SHA1
  
  3462f62bc3e5d597f9d9c7dca4057f5922106094
- SHA256
  
  6c4ae2e9d2c609bed153220af6aa504c26ec9b42b73bdff055857b6d79364dad
- SHA512
  
  d98220e12c39939cd80aa921036cda49beeaa106aef9f8db8181f9cd298dd34cf64ef732811ebb0ae3891f19b6fd5c08fb03be01fc55a6fe29190bbf711c0f24
- SSDEEP
  
  393216:Ol4DfwLgtIGI5ShR4uwYeMeuj9ttmtN3ZWdj3f8CBsycF91:g480ttuQ2ceMeIttmtN3MzfB2bn
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2