General
-
Target
AnyDesk.exe
-
Size
1.3MB
-
Sample
250201-ka1gksvndv
-
MD5
5ff8ee7475afdd2db20e9258e7dcb50c
-
SHA1
95c4299c50f07edeb61f4487b9b3cbc60d132e1e
-
SHA256
6773d5157b433a22db33a6ab83f35c32413111a512443e8048e9140042c235c1
-
SHA512
955be61044269cbcc382525600ae636b0eff573d5e9ba21aaadb8cc4d8462e0d2e860134f82792c60b9e11634bee2864321171e60732a5a9bca5d864d56653e2
-
SSDEEP
24576:TT4A/dlGFy6v4YakPz8dCSUNoER/Td8DG/ytY6v/87xaVUhf4pE0swIem:TMA1lGFF3zQCSUNHRbd8DGqtY6WhfD06
Malware Config
Targets
-
-
Target
AnyDesk.exe
-
Size
1.3MB
-
MD5
5ff8ee7475afdd2db20e9258e7dcb50c
-
SHA1
95c4299c50f07edeb61f4487b9b3cbc60d132e1e
-
SHA256
6773d5157b433a22db33a6ab83f35c32413111a512443e8048e9140042c235c1
-
SHA512
955be61044269cbcc382525600ae636b0eff573d5e9ba21aaadb8cc4d8462e0d2e860134f82792c60b9e11634bee2864321171e60732a5a9bca5d864d56653e2
-
SSDEEP
24576:TT4A/dlGFy6v4YakPz8dCSUNoER/Td8DG/ytY6v/87xaVUhf4pE0swIem:TMA1lGFF3zQCSUNHRbd8DGqtY6WhfD06
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Stops running service(s)
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
2Service Execution
2Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2