Resubmissions

15-08-2024 21:32

240815-1dktaszfkn 10

General

  • Target

    AnyDesk.exe

  • Size

    103.5MB

  • Sample

    240815-1dktaszfkn

  • MD5

    9e857f915a409090f09143ce302bbc3b

  • SHA1

    86af96f5aab9fa8aed4dce26da8af2bea36ecaee

  • SHA256

    acdf571ce148a70121edc7b8a2bac60cbbea31a4dbc99d95d6cc334159c026ab

  • SHA512

    b059c25aca64f292d9e5a38c063eb61f9075089c1418465703e09a24cbcf8c95c40db867b0d080c93044e4d663b5bf42f5a806e2a5cecd196f87931b2a6d0240

  • SSDEEP

    3145728:SCOb8S6xjKcBaIc2qHO5iVIinGQbRe0zJcBqW7jr5to:QgSWNaIsHCip1XcBqW7j

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks