d3b606e08c524995b585d6649183387068ee1dda60dc7e11c950966a7e73f234 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

AnyDesk.exe

windows10-ltsc 2021-x64

9

Sharing

General

Target

AnyDesk.exe
Size

3.0MB
Sample

250205-tdfe9avpam
MD5

c8eeac24eca23bd1df10b02d5430432d
SHA1

39194c57c0488eca2ca7600d03783f6df4957688
SHA256

d3b606e08c524995b585d6649183387068ee1dda60dc7e11c950966a7e73f234
SHA512

e67f30c7bdac4b57cdad769b332b586a25c8d95fd0361a90986fad1e5ee2746b4a67c6a74defadf92a2499f6b5fb7b7a26057a5148ad270e45bacd366419f94f
SSDEEP

49152:PjHajM8yMboA7HSP/LRVTRoxy4cUARNLBQfnysp8OQmY7jRvTepmgChCkjIvaW:P0ByMPGP/LRVTmM4qNLB4kjRbWChCkOR

Score

9^/10

defense_evasion discovery persistence themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

AnyDesk.exe

Resource

win10ltsc2021-20250128-en

defense_evasion discovery persistence themida trojan

windows10-ltsc 2021-x64

28 signatures

900 seconds

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  3.0MB
- MD5
  
  c8eeac24eca23bd1df10b02d5430432d
- SHA1
  
  39194c57c0488eca2ca7600d03783f6df4957688
- SHA256
  
  d3b606e08c524995b585d6649183387068ee1dda60dc7e11c950966a7e73f234
- SHA512
  
  e67f30c7bdac4b57cdad769b332b586a25c8d95fd0361a90986fad1e5ee2746b4a67c6a74defadf92a2499f6b5fb7b7a26057a5148ad270e45bacd366419f94f
- SSDEEP
  
  49152:PjHajM8yMboA7HSP/LRVTRoxy4cUARNLBQfnysp8OQmY7jRvTepmgChCkjIvaW:P0ByMPGP/LRVTmM4qNLB4kjRbWChCkOR
Score

9^/10

defense_evasion discovery persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistencethemidatrojan

© 2018-2025

Terms | Privacy