General
-
Target
AnyDesk.exe
-
Size
1.3MB
-
Sample
250201-jr5l7awqap
-
MD5
c0c7ee9f0e9d65ef270e1f3d0d12805b
-
SHA1
a2428f2c434b7c665791507171f26d24706a67bc
-
SHA256
4cc069b269e465b51e0bd472ab6f2863d9b90eacdae1fa35002411f199f6a430
-
SHA512
fbbdd2b714aafd21605a12185636e97fc3659e2a77c4333a2484c3eacfef70589ad430d168a236ca6497430f52589cbf1567edfd080d85bb83b869c7bae2a11a
-
SSDEEP
24576:kT4A/d6wF5q6Yh2JoaCmWJZopqgHC48jpU/grtY6v/87xaVUhf4pE0XwIjm:kMA16wFdjC7JZop5i48juIrtY6WhfD0I
Malware Config
Targets
-
-
Target
AnyDesk.exe
-
Size
1.3MB
-
MD5
c0c7ee9f0e9d65ef270e1f3d0d12805b
-
SHA1
a2428f2c434b7c665791507171f26d24706a67bc
-
SHA256
4cc069b269e465b51e0bd472ab6f2863d9b90eacdae1fa35002411f199f6a430
-
SHA512
fbbdd2b714aafd21605a12185636e97fc3659e2a77c4333a2484c3eacfef70589ad430d168a236ca6497430f52589cbf1567edfd080d85bb83b869c7bae2a11a
-
SSDEEP
24576:kT4A/d6wF5q6Yh2JoaCmWJZopqgHC48jpU/grtY6v/87xaVUhf4pE0XwIjm:kMA16wFdjC7JZop5i48juIrtY6WhfD0I
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Stops running service(s)
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
2Service Execution
2Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2