General

Target: AnyDesk.exe
Size: 3.7MB
Sample: 240509-tzgkfaee22
MD5: e33aec5aa7033337f6e749a7404f92de
SHA1: e34d97910aba3a86bff54648f25f54d9e8fabb6b
SHA256: 04fca867c197ef8afd566d6c650ce8b87c413488df24ab721029806eccb74807
SHA512: b40eee505c6033c233097898ada43412ae2711073f7adc96b68c4389fea414059dd6322157ba1239ca486b3a57d9ac6a5df59eb76f97132c30c7cb899a3550ba
SSDEEP: 98304:5tc/iNuKEElj7Ssx6zXKJr9aEpaDwvVvtUD+yzOrf+AGUniav4XbbI:5q+LE4dxmoMWAwvNtmOBGPXPI
Static task: static1
Behavioral task: behavioral1
Sample: AnyDesk.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: AnyDesk.exe
Score: 10/10
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

Manipulates Digital Signatures
Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys to make their binary appear validly signed.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Drops file in System32 directory