Renamed HopToDesk.EXE Execution

Rule Info

Name
Renamed HopToDesk.EXE Execution
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of a renamed version of HopToDesk.EXE HopToDesk is a free remote desktop tool allowing users to share their screen and allow remote control access to their computers and devices. It was seen being abused by ransomware threat actors in order deploy and execute malware remotely.
Reference
https://help.hoptodesk.com/#command-line-arguments-1670685043
Date
2024-05-03 00:00:00
Modified
None
Id
0a5dca6a-f428-4ebe-8773-57d8ed927c1b
Tags
attack.execution
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022