Overview

overview

10

Static

static

10

AnyDesk.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    41s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnyDesk.exe

  • Size

    95KB

  • MD5

    3a0e18d87adcea0a8df706474cc914a7

  • SHA1

    21a8eef6c8f5a68c9af51261b9bd0172998a181a

  • SHA256

    7bcdd0898ed483bf11e13e242c13b5130349c44f8f78de6eeb8d491462d74f32

  • SHA512

    763030dc5a07a0e20e5af5757bc600cfbe0cfc2e772cf16722a2134d00e74aad266f6aba8bf8c405cb93e5169fe7308cdb16c73a7300bb5399d4a76a419a7439

  • SSDEEP

    1536:/u/dRTUPE2M2NiuZJgbqc22+SSCJz0T8cTldU3x:/u/DTUPE2MciuZebqALBdK8Qe3x

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808
Mutex

XBFhrhqb627o

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
    1⤵
      PID:3532

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3532-0-0x00000000750BE000-0x00000000750BF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3532-1-0x00000000002A0000-0x00000000002BE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/3532-2-0x00000000750B0000-0x0000000075860000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3532-3-0x00000000750BE000-0x00000000750BF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3532-4-0x00000000750B0000-0x0000000075860000-memory.dmp

      Filesize

      7.7MB

      Download