Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240410-en
  • resource tags

    arch:amd64 arch:i386 image:macos-20240410-en kernel:19b77a locale:en-us os:macos-10.15-amd64 system
  • submitted
    06-06-2024 08:28

General

  • Target

    anydesk.dmg

  • Size

    14.0MB

  • MD5

    83b6e2714e9abce1043f7c2879c9b010

  • SHA1

    e205b810d4f8b6c651f4222714777e82aa920678

  • SHA256

    9d3ddcea8fd39ea6da374fdcd77dae55dd5088238271f77f6eed6ef2f5a2e501

  • SHA512

    1a41fb2c488a17d50254ba424cc278c9f617aa0d3505c6799341fa909763faba0dfeebc1da88d818a1c6656ebaa10ac405654a7567822a2d8c0a3c09e25df9cc

  • SSDEEP

    393216:UNUingI7fU+XOg/y0rMBrWQxLFBaNwyfSkNP:69LBq0IdaNPKkNP

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"open /Volumes/AnyDesk/AnyDesk.app\""
    1⤵
      PID:525
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"open /Volumes/AnyDesk/AnyDesk.app\""
      1⤵
        PID:525
      • /usr/bin/sudo
        sudo /bin/zsh -c "open /Volumes/AnyDesk/AnyDesk.app"
        1⤵
          PID:525
          • /bin/zsh
            /bin/zsh -c "open /Volumes/AnyDesk/AnyDesk.app"
            2⤵
              PID:526
            • /usr/bin/open
              open /Volumes/AnyDesk/AnyDesk.app
              2⤵
                PID:526
            • /usr/libexec/xpcproxy
              xpcproxy com.philandro.anydesk.2300
              1⤵
                PID:529
              • /Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk
                /Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk
                1⤵
                  PID:529
                • /Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk
                  /Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk --local-service
                  1⤵
                    PID:534
                  • /usr/libexec/xpcproxy
                    xpcproxy com.apple.spindump
                    1⤵
                      PID:535
                    • /usr/sbin/spindump
                      /usr/sbin/spindump
                      1⤵
                        PID:535
                      • /usr/libexec/xpcproxy
                        xpcproxy com.apple.spindump_agent
                        1⤵
                          PID:536
                        • /usr/libexec/spindump_agent
                          /usr/libexec/spindump_agent
                          1⤵
                            PID:536

Network

MITRE ATT&CK Matrix

Downloads

                          • /Users/run/.anydesk/anydesk.trace

                            Filesize

                            3KB

                          • /Users/run/.anydesk/service.conf

                            Filesize

                            1KB

                          • /Users/run/.anydesk/service.conf

                            Filesize

                            2KB

                          • /Users/run/.anydesk/system.conf

                            Filesize

                            424B

                          • /Users/run/.anydesk/system.conf

                            Filesize

                            312B

                          • /Users/run/.anydesk/system.conf

                            Filesize

                            367B

                          • /Users/run/.anydesk/system.conf

                            Filesize

                            391B

                          • /Users/run/.anydesk/system.conf

                          • /Users/run/.anydesk/system.conf

                            Filesize

                            424B
