29d11eff3ff64a53d41f94760f5170b4b176df6d2b7e276d5145c8e3bdaff2ce | Triage

Submit
Reports

Overview

overview

8

Static

static

3

AnyDesk.exe

windows10-2004-x64

8

AnyDesk.exe

windows10-ltsc_2021-x64

7

AnyDesk.exe

windows11-21h2-x64

7

Sharing

General

Target

AnyDesk.exe
Size

5.4MB
Sample

250327-qssscavk12
MD5

f884234422e727ade2bcd29916264de1
SHA1

c90743f008f4caa7caed9f4b9f2b82bc39f52aa1
SHA256

29d11eff3ff64a53d41f94760f5170b4b176df6d2b7e276d5145c8e3bdaff2ce
SHA512

2efffd5e385723e054c6b142454cd00860941caebad447d4cb305cf2b1052d2063c2bbe1adbbb5b9a04b46e5d0bbe7814f3a746a0570f9d0b4691c4c9b47008c
SSDEEP

98304:pPdU+2966olQpKjALWuuvHemTHVfHsYFw4AMupfBcmGBTP8LanJbDrs:py+2r/pwALXuvH7eYlA1pfoqanB4

Score

8^/10

discovery motw phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

AnyDesk.exe

Resource

win10v2004-20250314-en

discovery motw phishing

windows10-2004-x64

26 signatures

900 seconds

Behavioral task

behavioral2

Sample

AnyDesk.exe

Resource

win10ltsc2021-20250313-en

windows10-ltsc_2021-x64

8 signatures

900 seconds

Behavioral task

behavioral3

Sample

AnyDesk.exe

Resource

win11-20250313-en

windows11-21h2-x64

7 signatures

900 seconds

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  5.4MB
- MD5
  
  f884234422e727ade2bcd29916264de1
- SHA1
  
  c90743f008f4caa7caed9f4b9f2b82bc39f52aa1
- SHA256
  
  29d11eff3ff64a53d41f94760f5170b4b176df6d2b7e276d5145c8e3bdaff2ce
- SHA512
  
  2efffd5e385723e054c6b142454cd00860941caebad447d4cb305cf2b1052d2063c2bbe1adbbb5b9a04b46e5d0bbe7814f3a746a0570f9d0b4691c4c9b47008c
- SSDEEP
  
  98304:pPdU+2966olQpKjALWuuvHemTHVfHsYFw4AMupfBcmGBTP8LanJbDrs:py+2r/pwALXuvH7eYlA1pfoqanB4
Score

8^/10

discovery motw phishing
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverymotwphishing

behavioral2

behavioral3

© 2018-2025

Terms | Privacy