1a70f4eef11fbecb721b9bab1c9ff43a8c4cd7b2cafef08c033c77070c6fe069 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

AnyDesk (2).exe

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

AnyDesk (2).exe
Size

4.8MB
Sample

240925-xlqsqsveke
MD5

ecae8b9c820ce255108f6050c26c37a1
SHA1

42333349841ddcec2b5c073abc0cae651bb03e5f
SHA256

1a70f4eef11fbecb721b9bab1c9ff43a8c4cd7b2cafef08c033c77070c6fe069
SHA512

9dc317682d4a89351e876b47f57e7fd26176f054b7322433c2c02dd074aabf8bfb19e6d1137a4b3ee6cd3463eaf8c0de124385928c561bdfe38440f336035ed4
SSDEEP

49152:meqV5ZTNR7GCogeeQO+f2roC8b9vIT2jDKW4q8TrdzRplNOBLE7Rm1ebw4Tf/Eex:cX1T7bL0KrCqKDV4Jnd1ZOQ7R3rr/f6K

Score

6^/10

bootkit defense_evasion discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

AnyDesk (2).exe

Resource

win11-20240802-en

bootkit defense_evasion discovery persistence

windows11-21h2-x64

22 signatures

1800 seconds

Malware Config

Targets

- Target
  
  AnyDesk (2).exe
- Size
  
  4.8MB
- MD5
  
  ecae8b9c820ce255108f6050c26c37a1
- SHA1
  
  42333349841ddcec2b5c073abc0cae651bb03e5f
- SHA256
  
  1a70f4eef11fbecb721b9bab1c9ff43a8c4cd7b2cafef08c033c77070c6fe069
- SHA512
  
  9dc317682d4a89351e876b47f57e7fd26176f054b7322433c2c02dd074aabf8bfb19e6d1137a4b3ee6cd3463eaf8c0de124385928c561bdfe38440f336035ed4
- SSDEEP
  
  49152:meqV5ZTNR7GCogeeQO+f2roC8b9vIT2jDKW4q8TrdzRplNOBLE7Rm1ebw4Tf/Eex:cX1T7bL0KrCqKDV4Jnd1ZOQ7R3rr/f6K
Score

6^/10

bootkit defense_evasion discovery persistence
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoverypersistence

© 2018-2025

Terms | Privacy