1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

AnyDesk.exe

windows11-21h2-x64

6

Resubmissions

18-02-2025 10:22

250218-md9krszkhm 6

17-02-2025 23:11

250217-26fkqavjgk 7

17-02-2025 22:39

250217-2lcy4atqcy 6

17-02-2025 10:36

250217-mnkpdsykal 7

16-02-2025 19:11

250216-xwajhawmhz 7

16-02-2025 19:09

250216-xtsx3awkdj 6

13-02-2025 11:50

250213-nzyk3axlgp 6

08-02-2025 16:12

250208-tnshkatqgy 3

Sharing

General

Target

AnyDesk.exe
Size

5.1MB
Sample

250213-nzyk3axlgp
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

6^/10

adware defense_evasion discovery persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

AnyDesk.exe

Resource

win11-20250210-en

adware defense_evasion discovery persistence privilege_escalation stealer

windows11-21h2-x64

32 signatures

900 seconds

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  5.1MB
- MD5
  
  aee6801792d67607f228be8cec8291f9
- SHA1
  
  bf6ba727ff14ca2fddf619f292d56db9d9088066
- SHA256
  
  1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
- SHA512
  
  09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
- SSDEEP
  
  98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
Score

6^/10

adware defense_evasion discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwaredefense_evasiondiscoverypersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy