General
-
Target
AnyDesk.exe
-
Size
1.3MB
-
Sample
250201-kfz31axldr
-
MD5
7cd9ef6b455df1788cf7f1ce5a702882
-
SHA1
f9b533472175b45cb705300cda17376b1d55c9cb
-
SHA256
9212b9da835c827cda2d8e3446875fafd299efe57f8f2c1f2cd8b2bb7b5030e6
-
SHA512
b45c2f50ad0bc4f466c206bba1776a81bd8875722d8df1ba986a4fcea4570aa8a0e7d838f13712b8e994ed1ecd2f863e0a07744e5223d7192e5663e695dfd6d7
-
SSDEEP
24576:FfT4A/dDwF768ZmUoAi312vs/V73a6H8Dq/N5tY6v/87xaVUhf4pE07wI1m:xMA1DwFoN3wvs/1K6H8DqztY6WhfD07q
Malware Config
Targets
-
-
Target
AnyDesk.exe
-
Size
1.3MB
-
MD5
7cd9ef6b455df1788cf7f1ce5a702882
-
SHA1
f9b533472175b45cb705300cda17376b1d55c9cb
-
SHA256
9212b9da835c827cda2d8e3446875fafd299efe57f8f2c1f2cd8b2bb7b5030e6
-
SHA512
b45c2f50ad0bc4f466c206bba1776a81bd8875722d8df1ba986a4fcea4570aa8a0e7d838f13712b8e994ed1ecd2f863e0a07744e5223d7192e5663e695dfd6d7
-
SSDEEP
24576:FfT4A/dDwF768ZmUoAi312vs/V73a6H8Dq/N5tY6v/87xaVUhf4pE07wI1m:xMA1DwFoN3wvs/1K6H8DqztY6WhfD07q
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Stops running service(s)
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
2Service Execution
2Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2