General
-
Target
AnyDesk.exe
-
Size
1.3MB
-
Sample
250201-jb3snatpc1
-
MD5
782d830545931b36f876fba9d8d8259e
-
SHA1
28255138010a047aa7d4414f666ea8123b89a5e6
-
SHA256
451ad91c9f074f8ff02db9f6a1d2eab157ac3bf492ee0248022dbb7b441cc773
-
SHA512
32a76cba28186842d2392d2faca54426e69baf49f7345b819c26719401f5955d5ae4ea64ac745e331b137c3bf13570642fb48bc8c511fa927525a957b033c7c8
-
SSDEEP
24576:yT4A/dnOFN6gyTWoCAzPRDsaMgHT8E9J/ItY6v/87xaVUhf4pE0XwaTU:yMA1nOF8iAjRDsafHT8E9JgtY6WhfD0u
Malware Config
Targets
-
-
Target
AnyDesk.exe
-
Size
1.3MB
-
MD5
782d830545931b36f876fba9d8d8259e
-
SHA1
28255138010a047aa7d4414f666ea8123b89a5e6
-
SHA256
451ad91c9f074f8ff02db9f6a1d2eab157ac3bf492ee0248022dbb7b441cc773
-
SHA512
32a76cba28186842d2392d2faca54426e69baf49f7345b819c26719401f5955d5ae4ea64ac745e331b137c3bf13570642fb48bc8c511fa927525a957b033c7c8
-
SSDEEP
24576:yT4A/dnOFN6gyTWoCAzPRDsaMgHT8E9J/ItY6v/87xaVUhf4pE0XwaTU:yMA1nOF8iAjRDsafHT8E9JgtY6WhfD0u
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Stops running service(s)
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
2Service Execution
2Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2