30663f0574cd075b83fe01ed7e639000029132536a493ed88cdc1f2f2c012890 | Triage

Sharing

General

Target

AnyDesk.msix.zip
Size

5.9MB
Sample

241003-kh6zbsxgnb
MD5

3f32a9a0c8e94c262518782021d99c9d
SHA1

ff617d99a6d8e44646983badf8c6403735ef9fa0
SHA256

30663f0574cd075b83fe01ed7e639000029132536a493ed88cdc1f2f2c012890
SHA512

d82ddcfcce5be49b83f2048bccec8820e0ec1f577083b914b47465c1bfbaccea050c90e3600b673ae18d1040350e0f256179c140c7458f65d730d38127ea2c2a
SSDEEP

98304:9jpbM6FnzWy7bPhxM8ZosGykGk4LNkNsIpCRe20THBgPLxOdUdQEYhy7+HS:f3F6y7b5xM8ZosG1GhLeCReT+PLxOzpy

Score

5^/10

discovery execution

Malware Config

Targets

- Target
  
  AnyDesk.msix.zip
- Size
  
  5.9MB
- MD5
  
  3f32a9a0c8e94c262518782021d99c9d
- SHA1
  
  ff617d99a6d8e44646983badf8c6403735ef9fa0
- SHA256
  
  30663f0574cd075b83fe01ed7e639000029132536a493ed88cdc1f2f2c012890
- SHA512
  
  d82ddcfcce5be49b83f2048bccec8820e0ec1f577083b914b47465c1bfbaccea050c90e3600b673ae18d1040350e0f256179c140c7458f65d730d38127ea2c2a
- SSDEEP
  
  98304:9jpbM6FnzWy7bPhxM8ZosGykGk4LNkNsIpCRe20THBgPLxOdUdQEYhy7+HS:f3F6y7b5xM8ZosG1GhLeCReT+PLxOzpy
Score

1^/10
behavioral1 behavioral2
- Target
  
  PsfLauncher32.exe
- Size
  
  302KB
- MD5
  
  e005414b82df848717581bd260725b02
- SHA1
  
  6ad75f8152617858d463f36cf4b2ce432e0ad4df
- SHA256
  
  312bd304860f9865ed4073f5baffde8df9907a1ebfedd2d1d637ab48db3ca004
- SHA512
  
  be3d06d2049551e2d5acc3232c6d520236747d53dc49e388c6e616d1f7e1f6f7b6338a4e743773f5461589f2325a8a722af023009cc709f076f51e418382b562
- SSDEEP
  
  6144:Z85jcjnYXSFt8NUBtirDpOzF2akGcoRJKCNWcWAOEOrCng:Z85jedFtOdEF2asjnzrag
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  PsfLauncher64.exe
- Size
  
  370KB
- MD5
  
  bfcb4275530e99a5e3fca4614a645fb5
- SHA1
  
  622421f44db52d39947e8229f7fa44a98339957f
- SHA256
  
  338fc84d0b309a726bae061ae7ef727884fd43a71aff70900dbce27de07791ea
- SHA512
  
  21cab7c56f53305038fa5603720853a38aeddf0dde2e02c9f1d0e83d6dbf9983f755b11a00d487bb8356b0ab69cf9e953a9786cd89e2180b7d428e038271c41b
- SSDEEP
  
  6144:thxzPfoMtkmiZqfrnZSG85YhDFohEUMaWT4I+wKn:tnzPLtbWqDUsNFoOaGKn
Score

1^/10
behavioral5 behavioral6
- Target
  
  PsfRunDll32.exe
- Size
  
  92KB
- MD5
  
  96376177175a1b23a95c6498e9ffb2b5
- SHA1
  
  f9d41e74bf714ed8ba60eac4f99060a5d5f92b26
- SHA256
  
  324f1db0dbe4a6577425d0c3dd72d4681e5000cca9d17cc62a2af0fcce12eca2
- SHA512
  
  f792432ac0c675548849ea238934ea84eadc44cd94eb9e2e7859267e20ea18a52a9d562602d96f61c5080e0fa94caa4ef6a41e49bafb670b7dd29e35490b48df
- SSDEEP
  
  1536:IU5eCS6ZrIb3BIh7iCH+E+MteSQ40X/qchNXQDGdl0S6gsWRUchcdesCkwcmSZ0l:/eCh23BIhWCMSQ40XCMNl0F6kesCkwcu
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  PsfRunDll64.exe
- Size
  
  115KB
- MD5
  
  8466f69926a22670dcf6515a4fc3c054
- SHA1
  
  fd7a2d377cce9545fff272905af7016bd512aefc
- SHA256
  
  b37f6780adc7c7534ab474c1a9b8a5fbc1a8e9df105be9be7a9e13d96385dbe4
- SHA512
  
  5be11238923613169a2627b01db76a09b83e8215dd1872f8e96d8f646171bd9e365fa653da221671fd46258f661794b846ed09aa4369b5d55b3ac27f0b96b0e7
- SSDEEP
  
  3072:poN2YAE6yqki92M43MBaxRjn+ryYA/M5sfhew:pgAE6yq0MBBijDM5sfd
Score

1^/10
behavioral10 behavioral9
- Target
  
  PsfRuntime32.dll
- Size
  
  368KB
- MD5
  
  a9f0eeb621dd5883258113cc4b490929
- SHA1
  
  3c84cdde573eb0f94865f749d9095940cdef409e
- SHA256
  
  11d6916d6066e481f5d19bb503f654dcf9cac80aef818c2b52a2a1f0ca2efd5a
- SHA512
  
  336709007cb4723227f47ff153c99630209995315c8ecbbbe1ca24a48a133ed74ad6e557a123886dbb9a2022c752c67ef7c26524e6a59e8f0e125753a264c2fd
- SSDEEP
  
  6144:gkIVNQKH9HisvT9/taRJ9AONndrKV1UaMCk7KxAOOCyXjmw:gkIVDvT9/t6nAuEMjOxICQjmw
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  PsfRuntime64.dll
- Size
  
  467KB
- MD5
  
  61863b4c1aeefe10d69f54c03d373fd5
- SHA1
  
  4b448f7b4358945b3e9d744d97d6b7c860e5c5b8
- SHA256
  
  495b13461b13c3ce1c766d9899b860add4dfcd9e6b2dc5815389aed6e26cda0e
- SHA512
  
  f97b69a5567e477ca67ad7f41933b00a57f74bb4f69c01161c17735b8bb35590cf06aff0fafe8308104e9385a0eb808d8735be9a744c8d2d100c9a9ea5f842a8
- SSDEEP
  
  12288:ybYu1g7I2hxD54yFTuWwp6wYcoDvbAfE63U4:qg7I2hZDFTuW/wx+kHU4
Score

1^/10
behavioral13 behavioral14
- Target
  
  StartingScriptWrapper.ps1
- Size
  
  14KB
- MD5
  
  da5bf3010154020db9db4cf8832b42ea
- SHA1
  
  15ba3dc3bbcb16a26839862d79b3519e74a5e03a
- SHA256
  
  7778c658411a2f1649ced14cdfe8a92145c1c7fa53b1ce5b14920000fe99bd98
- SHA512
  
  d70c6df571a069797f5eb1ac9a3e30293914b8f1378714e97ae0b881ee5a833f0944ee7246e2768ed74747637deade85306e837a25b1757a1bc3abb7d6eaa9e2
- SSDEEP
  
  384:wrBzBV4OHcvFcYlu2V8uMcg5apqpBw2qFA5WFQExxR/c/mZ1:KBr4DSYlu2VzMcgwgBLqJQO/ceD
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  TMjeHPwgTlKMK.ps1
- Size
  
  2KB
- MD5
  
  3c9183f2747e3a76aaf4ce6c0698cf54
- SHA1
  
  3fae4f27a9075fc2126ed864f6e867f984f2453e
- SHA256
  
  9293015d45a79c8c0eb2ffd7bcc9dcdb366c825a17c91bee4db50eef9bb678c9
- SHA512
  
  ebe38379abcb131ac94a978121b04ad91c0c8bf365f3072c96e7cd400470f148813833d438f305b6bdb24af4b509bf65c24b6bbef3cdf26efb16f10c3e2b4b37
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  VFS/Programs/AnyDesk.exe
- Size
  
  5.0MB
- MD5
  
  a21768190f3b9feae33aaef660cb7a83
- SHA1
  
  24780657328783ef50ae0964b23288e68841a421
- SHA256
  
  55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
- SHA512
  
  ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
- SSDEEP
  
  98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x
Score

5^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20