Resubmissions
18-02-2025 10:22
250218-md9krszkhm 617-02-2025 23:11
250217-26fkqavjgk 717-02-2025 22:39
250217-2lcy4atqcy 617-02-2025 10:36
250217-mnkpdsykal 716-02-2025 19:11
250216-xwajhawmhz 716-02-2025 19:09
250216-xtsx3awkdj 613-02-2025 11:50
250213-nzyk3axlgp 608-02-2025 16:12
250208-tnshkatqgy 3General
-
Target
AnyDesk.exe
-
Size
5.1MB
-
Sample
250218-md9krszkhm
-
MD5
aee6801792d67607f228be8cec8291f9
-
SHA1
bf6ba727ff14ca2fddf619f292d56db9d9088066
-
SHA256
1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
-
SHA512
09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
-
SSDEEP
98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
Malware Config
Targets
-
-
Target
AnyDesk.exe
-
Size
5.1MB
-
MD5
aee6801792d67607f228be8cec8291f9
-
SHA1
bf6ba727ff14ca2fddf619f292d56db9d9088066
-
SHA256
1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
-
SHA512
09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
-
SSDEEP
98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
Score6/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Downloads MZ/PE file
-
Legitimate hosting services abused for malware hosting/C2
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Obfuscated Files or Information
1Command Obfuscation
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
4Remote System Discovery
1System Information Discovery
4System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1