General

  • Target

    Anydesk.exe

  • Size

    2.6MB

  • Sample

    240905-v4qjkswcnk

  • MD5

    1260f4063a10df83764899a7e2126a59

  • SHA1

    56b19520b85d2847304c02c2c0cc1f6774d782b3

  • SHA256

    75a16dcebfd5ceed55da11872658e7456f47141476fc44a9159a25bf76da8613

  • SHA512

    0f5d2862a1f8be40cec3caa8d850412693df1199c029e5f4021cd9662e4dd467dbe0e0f668b398f109b9357f297a08abb939509abc677558ceabcead8dda0397

  • SSDEEP

    49152:hmWDukvNTiP4FsDG8ryS8woCFW7ACqZ0rFQU+pK0Mk:hzikVTsgaPb87ACqZIFQU+pK0l

Targets

    • Target

      Anydesk.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
