General

  • Target: x64 M-Centres 3.3.zip
  • Size: 347KB
  • Sample: 240930-zk9kkavbkr
  • MD5: 5f45716b7ccaf4eb538177ae17d75580
  • SHA1: e9af8869c7a61a0afb374633fe05921a8bcbee5e
  • SHA256: 945c3bc68473659e392aec1fc292347fecf3aabaa1bc507015d20fe9e5f2cf48
  • SHA512: 30c4b481eb42ee4fdcb1336c69486d270e05ef3d727291edbf5131071adc392de0eb26c1e0845086b95c167022987b50df6c6c226efd4588acc62615a397edfa
  • SSDEEP: 6144:GWDwHluGxyA1KgKWHbSVMntydMGv27qJRUDth3lO:UXxyA1KgKWHOW4WGv27qJO73lO

Score: 8/10

Malware Config

Targets

    • Target: x64 M-Centres 3.3.zip
    • Size: 347KB
    • Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above (same archive)

    Score: 8/10
    • Downloads MZ/PE file
    • Possible privilege escalation attempt
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies file permissions
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
    • Legitimate hosting services abused for malware hosting/C2
    • Drops file in System32 directory
    • UPX packed file: detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Target: x64 M-Centres 3.3/M-Centres 3.3.exe
    • Size: 98KB
    • MD5: 07c1284cb3dc9a586885bca5ca3301af
    • SHA1: 272a41f88d7a05e202ca5a6d9a4e45520eeabe4b
    • SHA256: bd1d7c2527989fef3ed285f30498b7406fcb7080f61a317c6921a71b71df09bb
    • SHA512: 2afb1c81d5e9cf9b6c31cb12ec43bfb146f64a2cfb49ee2521b868c20af12ed3847d42f287b24ac61483007be41a38b9e371877bbf659cbd11c020e13ba8188b
    • SSDEEP: 1536:P4ehLGUGlUxBOMz6ZMLZl8JWgzHlOnYCUNlYSQaDG9LSCF9FOuzOgu:HyUlfiWgzH+RUNlYS+Kgu

    Score: 1/10
    • Target: x64 M-Centres 3.3/M-Centres 3.3.exe.config
    • Size: 189B
    • MD5: 9dbad5517b46f41dbb0d8780b20ab87e
    • SHA1: ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e
    • SHA256: 47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf
    • SHA512: 43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

    Score: 3/10
    • Target: x64 M-Centres 3.3/Newtonsoft.Json.dll
    • Size: 685KB
    • MD5: 081d9558bbb7adce142da153b2d5577a
    • SHA1: 7d0ad03fbda1c24f883116b940717e596073ae96
    • SHA256: b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
    • SHA512: 2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
    • SSDEEP: 12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5

    Score: 1/10
    • Target: x64 M-Centres 3.3/Newtonsoft.Json.xml
    • Size: 693KB
    • MD5: f414b3f68fe7c4f094b8fe8382f858c9
    • SHA1: 66ee1b3266fcedde433b392156ab4a24262b2f34
    • SHA256: 2d46b37b086d6848af5f021d2d7a40581ce78aadd8ee39d309aee4771a0eeccf
    • SHA512: 19b2feb40c2e9d4d20d9a21f88f6ecea773060c056b8cbbd21a6eec41486dc5fc101e6c31129b0d53466d04709bcd4ed777058ddfb02532242b43e253a7b24bd
    • SSDEEP: 6144:XqqUmk/RikeaG0rH3jGHdl0/InHHpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DUq

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks