General

  • Target

    AnyDesk 8.0.3 (2023) PC.rar

  • Size

    5.5MB

  • Sample

    240523-nxfx8sfa75

  • MD5

    de7a3235ff507f566123d98ebd0c1e49

  • SHA1

    bbcd0334b8742df01fc0d92e807ee8a95904e15d

  • SHA256

    5a8a76a01446c6a7f89d3bfcb7e97a1e3f559251912c7faeab16ca5b1cf119ae

  • SHA512

    353d8cad2142d03206178903a135590e658e5a7b9041a757aa2efe5e633413e901c6247bd25a66784d7d677be2c2ba10bb55291d91a88020d8c11a955ca6d0ac

  • SSDEEP

    98304:UtPtPeNiXWd9RW3nrZp13bdl+eWYvgYxBu7VpTsDkCgPLtOgsfcq:Ut7XKurZp13bdlNoc0p6DkVAgsfcq

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    | Edit 3LOSH RAT

  • Botnet

    NEWTOR

  • C2

    torenta2.vpndns.net:115

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    • delay

      3

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Targets

    • Target

      AnyDesk 8.0.3 (2023) PC/AnyDeskportable.exe

    • Size

      230KB

    • MD5

      ca8c6b0b2682eaf62b2383e113193a26

    • SHA1

      887d4e0fa98c55904e0b6948be885c679ce00a5e

    • SHA256

      e69a5d78906152de49b910d881b6c894cf8cd8dcd575c5c12a0616070884c18c

    • SHA512

      75c7523b184d435d3c21893a5c1df57c3b2829e25507c8b3964f709ed1f48c4337f04bed6b0f1e737980c6e1010b6ee3860ecae1a584a933cfde9fcc79bc923d

    • SSDEEP

      3072:72f5n2nHpJe2Z8B7EZ7sUKk/9j1CfT3o4JmV:iiHpJWBEsUKkFs3s

    • AsyncRat

      AsyncRAT is a remote access trojan written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      AnyDesk 8.0.3 (2023) PC/data/AnyDeskportable.exe

    • Size

      5.2MB

    • MD5

      37e172be64b12f3207300d11b74656b8

    • SHA1

      1895d7c4f785f92e48b5191fd812822593cbc73f

    • SHA256

      bc747e3bf7b6e02c09f3d18bdd0e64eef62b940b2f16c9c72e647eec85cf0138

    • SHA512

      98cf7a591beb4af2066ddd9d17caee69b3cbb42343cb4dc0d517fb99983159ae8e960c315030487b3ea22b2512359f108a6cfe15ec3b725c040ac06b877c88ff

    • SSDEEP

      98304:pgBOLscYr9NrQO6lSdAd7qvlyBhbUhrZsTY3ycd8izlxGhzAqK3:KOoc+dQO6+Ad7qdriTYlfzlIhMt

    Score: 5/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      AnyDesk 8.0.3 (2023) PC/data/setup.dll

    • Size

      261KB

    • MD5

      f07a3f5270d4eaaab6b0f9f492278b6d

    • SHA1

      be18e4a572beadf376afe893cd790fd8c8e23251

    • SHA256

      2cb40e7f791275cd2735bc405de4686d5bcecb07bae643d5df8f4ed53c54de19

    • SHA512

      1ff787dd6421d3c6725457056dfbaa8cc49b226c13b164145026e85d3918ccfb0f42e92e03481278911ae6dfd0904fab0903bd7ce9f5efffcc1b8a00204420be

    • SSDEEP

      6144:pKMCmqq0t5mQZTeEVH04PKwzpdkSP5NeLTj5TW6Gd6kbDp:NtetLTeEJtzpdkSCTU/46

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Command and Scripting Interpreter (T1059): 1

    PowerShell (T1059.001): 1

  • Credential Access

    Unsecured Credentials (T1552): 1

    Credentials In Files (T1552.001): 1

  • Discovery

    System Information Discovery (T1082): 5

    Query Registry (T1012): 3

  • Collection

    Data from Local System (T1005): 1
