Remote Access Tool - HopToDesk Silent Installation

Rule Info

Name
Remote Access Tool - HopToDesk Silent Installation
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects installtion of HopToDesk.EXE with the silent flag. HopToDesk is a free remote desktop tool allowing users to share their screen and allow remote control access to their computers and devices. It was seen being abused by ransomware threat actors in order deploy and execute malware remotely.
Reference
https://help.hoptodesk.com/#command-line-arguments-1670685043
Date
2024-05-03 00:00:00
Modified
None
Id
62d362a6-fa77-42cf-b581-a172b13d1424
Tags
attack.execution
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022