Overview

overview

10

Static

static

3

AnyDesk.exe

windows7-x64

10

AnyDesk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AnyDesk.PIF

  • Size

    1.1MB

  • Sample

    241129-je2prsymfj

  • MD5

    6139238e4742769b6c53d1dc66404a9e

  • SHA1

    4ed13f501476f0d4da49b259167c19cc2a449939

  • SHA256

    e0ee945c690f55a1ae5b9bf3c8376fb8076962b47e5835a65df05d2c67cc84ac

  • SHA512

    fe2d103fe5554ff53455190d6212092ecace52e7ab2c22d9e63d97583bd74ce487c2f72c2a7c9b17c6b662b88d8caa25a54a3dc439f4abd51c7de6fa17e39adc

  • SSDEEP

    24576:w9IrPEUBIh+J+vDNSTG2bydflRBcK/F50V2yZp5ivUo:weYcrpUbBcK/F222p5K

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      AnyDesk.PIF

    • Size

      1.1MB

    • MD5

      6139238e4742769b6c53d1dc66404a9e

    • SHA1

      4ed13f501476f0d4da49b259167c19cc2a449939

    • SHA256

      e0ee945c690f55a1ae5b9bf3c8376fb8076962b47e5835a65df05d2c67cc84ac

    • SHA512

      fe2d103fe5554ff53455190d6212092ecace52e7ab2c22d9e63d97583bd74ce487c2f72c2a7c9b17c6b662b88d8caa25a54a3dc439f4abd51c7de6fa17e39adc

    • SSDEEP

      24576:w9IrPEUBIh+J+vDNSTG2bydflRBcK/F50V2yZp5ivUo:weYcrpUbBcK/F222p5K

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks