Overview

overview

10

Static

static

10

AnyDesk.exe

windows10-ltsc 2021-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AnyDesk.exe

  • Size

    1.3MB

  • Sample

    250201-jfa87stqat

  • MD5

    806f512c8fbf611cfb89eb37b9456918

  • SHA1

    509da795dd604002a3046a3902354aa9c0ca4218

  • SHA256

    899404bf69efe497bdb63c691b5f31d07380d9901642b6211e956f8d386ebb62

  • SHA512

    db526dd96c738845b9dbe2ba7062467288ccae82931750a03285d6b4fd85a5259b49c390fa247119f65d12f3631647d8dab295054463147ab6dc91c2c921987f

  • SSDEEP

    24576:fT4A/d6wF5q6Yh2JoaCmWJZopqgHCl8jpU/KkwtY6v/87xaVUhf4pE0TwIDm:fMA16wFdjC7JZop5il8juNwtY6WhfD0M

Score
10/10
xmrigdefense_evasionexecutionminerpersistence

Malware Config

Targets

    • Target

      AnyDesk.exe

    • Size

      1.3MB

    • MD5

      806f512c8fbf611cfb89eb37b9456918

    • SHA1

      509da795dd604002a3046a3902354aa9c0ca4218

    • SHA256

      899404bf69efe497bdb63c691b5f31d07380d9901642b6211e956f8d386ebb62

    • SHA512

      db526dd96c738845b9dbe2ba7062467288ccae82931750a03285d6b4fd85a5259b49c390fa247119f65d12f3631647d8dab295054463147ab6dc91c2c921987f

    • SSDEEP

      24576:fT4A/d6wF5q6Yh2JoaCmWJZopqgHCl8jpU/KkwtY6v/87xaVUhf4pE0TwIDm:fMA16wFdjC7JZop5il8juNwtY6WhfD0M

    Score
    8/10
    defense_evasionexecutionpersistence

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Creates new service(s)

      persistenceexecution

    • Drops file in Drivers directory

    • Stops running service(s)

      defense_evasionexecution

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Probable phishing domain

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks