Malware Analysis Report

2024-10-24 21:57

Sample ID 240606-kdbydsbh2w
Target anydesk.dmg
SHA256 9d3ddcea8fd39ea6da374fdcd77dae55dd5088238271f77f6eed6ef2f5a2e501
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

9d3ddcea8fd39ea6da374fdcd77dae55dd5088238271f77f6eed6ef2f5a2e501

Threat Level: No (potentially) malicious behavior was detected

The file anydesk.dmg was analyzed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-06 08:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 08:28

Reported

2024-06-06 08:37

Platform

macos-20240410-en

Max time kernel

149s

Max time network

119s

Command Line

[sh -c sudo /bin/zsh -c "open /Volumes/AnyDesk/AnyDesk.app"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "open /Volumes/AnyDesk/AnyDesk.app"]

/bin/bash

[sh -c sudo /bin/zsh -c "open /Volumes/AnyDesk/AnyDesk.app"]

/usr/bin/sudo

[sudo /bin/zsh -c open /Volumes/AnyDesk/AnyDesk.app]

/bin/zsh

[/bin/zsh -c open /Volumes/AnyDesk/AnyDesk.app]

/usr/bin/open

[open /Volumes/AnyDesk/AnyDesk.app]

/usr/libexec/xpcproxy

[xpcproxy com.philandro.anydesk.2300]

/Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk

[/Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk]

/Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk

[/Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk --local-service]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

Network

Country  Destination          Domain                                    Proto
US       8.8.8.8:53           bag-cdn-lb.itunes-apple.com.akadns.net    udp
US       8.8.8.8:53           boot.net.anydesk.com                      udp
FR       57.129.37.157:443    boot.net.anydesk.com                      tcp
FR       57.129.37.157:80     boot.net.anydesk.com                      tcp
FR       57.129.37.157:6568   boot.net.anydesk.com                      tcp
FR       57.129.37.157:443    boot.net.anydesk.com                      tcp
FR       57.129.37.157:80     boot.net.anydesk.com                      tcp
FR       57.129.37.157:6568   boot.net.anydesk.com                      tcp
N/A      224.0.0.251:5353     N/A                                       udp

Files

/Users/run/.anydesk/anydesk.trace

MD5 aab63a8993a925ba700df6e3d5729c89
SHA1 cbd87c43c426b9e3ece5ed5dbbf7f8e45054550f
SHA256 0ddd73cdb4cb93385468511b2715f19562c90025b9bb706c3804dbdf174770bf
SHA512 cfcc1fa6ba402e130281e5a9ecbcf7727d3c9f316efea547532a0592b46bc20f8254228e4ba438add8d3e1a65a14df02d87b19eab181c1e00fb26a1865fbc0a1

/Users/run/.anydesk/service.conf

MD5 142592bc2e75d56ffbe9c73a17ac57fe
SHA1 83af2c0ffb6214414ab2ef91ae79f39d3f021cb3
SHA256 35a4fea4406c90a63f2618ef11228821a53868656e3521003924913447c03f17
SHA512 a1d49baf33d14dff7b8f964cefaed7adf04afda6128e236552cf5bdb5650be8f949fac8c63a26309766c9a7fa143c4d308c5ba850a037007c18f0b4ea16b5900

/Users/run/.anydesk/system.conf

MD5 0c04ad1083dc5c7c45e3ee2cd344ae38
SHA1 f1cf190f8ca93000e56d49732e9e827e2554c46f
SHA256 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0
SHA512 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

/Users/run/.anydesk/system.conf

MD5 0c58d7fe30acaf56843aefd8dae4b8d9
SHA1 5716d0e004ffcc2aa8e0ea77e29fe49f8773bdfa
SHA256 21c6e374d0ced9fb00be1e11e36e9d7e8ff797f07f8fb79ed59a67cd08107ec3
SHA512 2f1192c7221e7df115d5b6ac0c852c57e9a79adef0d336f217262a9d01a1a36336c3323bc13b577aaa1e948eee9e16cefc774196446914616e00398d2d628d2a

/Users/run/.anydesk/system.conf

MD5 fa0d9340e1b47963165cabe2ee078f1c
SHA1 3410277cf9fa460f659f8f344bd9e8319f5a4f9e
SHA256 c134df142a18c7b6dc968717a0c655ef0fb967a670e2c93dd7a94c7319055b04
SHA512 cd4cf75dc61414005aa8252ada3f44dc2d7809743c3d549e8f9d6b8694474832f98e551715e9e74a3464dae036b5375ddde967900e5d9b53d9f587881e88c31f

/Users/run/.anydesk/service.conf

MD5 77ca3136a9a2de26460f391353b042b5
SHA1 bb1a6236ea20fc252d2ff84696d55f2997c0035d
SHA256 17987288fb634610af98c1017d71350979e776400f26214b6ea40d49ba7e9960
SHA512 719158fed3155122ad20e5d424d9181f0af5beff2a29db17d29e3a07213549e4b54a52a964ed5a1f93a09b72932074f0152c9328ba2e731f3920a69f476f7acb

/Users/run/.anydesk/system.conf

MD5 d29dfa09b39288138c6dbec73314de51
SHA1 67ae558f2d2aa020c9f598b8f0d8f0ff76af2db2
SHA256 e42d771e3b956e96b4e40d0ff3e315bc54d7f98072353f75f7dffc8dea5a5048
SHA512 e405f9ad57b30035201377844ba43a7d8d72ced7258c021856a86bef3acb12d6e6ae08029c65960575442c24243386714155531c6b7acc15705b04a7486090ef

/Users/run/.anydesk/system.conf

MD5 07d02a7f5fd420d5832965c8153bf2b6
SHA1 e7a30ebfae9c9fc330966b9a5b72c1a2bae020ca
SHA256 4203d2a6d8116a63d2886f3ca312bc0b0770865dda4eac94e6584760af234011
SHA512 827f9c7aafdfd2772b2d5258d5c05448799033915005bdd89d5d43fe667c403c0efa53b4ad99e766ebcbff25433f95e6b9ec6ffaa7e7b6ecd0354d9165cae233

/Users/run/.anydesk/system.conf

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e