Analysis Overview
SHA256
9d3ddcea8fd39ea6da374fdcd77dae55dd5088238271f77f6eed6ef2f5a2e501
Threat Level: No (potentially) malicious behavior was detected
The file anydesk.dmg was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-06 08:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 08:28
Reported
2024-06-06 08:37
Platform
macos-20240410-en
Max time kernel
149s
Max time network
119s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "open /Volumes/AnyDesk/AnyDesk.app"]
/bin/bash
[sh -c sudo /bin/zsh -c "open /Volumes/AnyDesk/AnyDesk.app"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Volumes/AnyDesk/AnyDesk.app]
/bin/zsh
[/bin/zsh -c open /Volumes/AnyDesk/AnyDesk.app]
/usr/bin/open
[open /Volumes/AnyDesk/AnyDesk.app]
/usr/libexec/xpcproxy
[xpcproxy com.philandro.anydesk.2300]
/Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk
[/Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk]
/Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk
[/Volumes/AnyDesk/AnyDesk.app/Contents/MacOS/AnyDesk --local-service]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | boot.net.anydesk.com | udp |
| FR | 57.129.37.157:443 | boot.net.anydesk.com | tcp |
| FR | 57.129.37.157:80 | boot.net.anydesk.com | tcp |
| FR | 57.129.37.157:6568 | boot.net.anydesk.com | tcp |
| FR | 57.129.37.157:443 | boot.net.anydesk.com | tcp |
| FR | 57.129.37.157:80 | boot.net.anydesk.com | tcp |
| FR | 57.129.37.157:6568 | boot.net.anydesk.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
/Users/run/.anydesk/anydesk.trace
/Users/run/.anydesk/service.conf
/Users/run/.anydesk/system.conf
/Users/run/.anydesk/system.conf
/Users/run/.anydesk/system.conf
/Users/run/.anydesk/service.conf
/Users/run/.anydesk/system.conf
/Users/run/.anydesk/system.conf
/Users/run/.anydesk/system.conf