General
-
Target
x64 M-Centres 3.3.zip
-
Size
347KB
-
Sample
240930-zk9kkavbkr
-
MD5
5f45716b7ccaf4eb538177ae17d75580
-
SHA1
e9af8869c7a61a0afb374633fe05921a8bcbee5e
-
SHA256
945c3bc68473659e392aec1fc292347fecf3aabaa1bc507015d20fe9e5f2cf48
-
SHA512
30c4b481eb42ee4fdcb1336c69486d270e05ef3d727291edbf5131071adc392de0eb26c1e0845086b95c167022987b50df6c6c226efd4588acc62615a397edfa
-
SSDEEP
6144:GWDwHluGxyA1KgKWHbSVMntydMGv27qJRUDth3lO:UXxyA1KgKWHOW4WGv27qJO73lO
Static task
static1
Behavioral task
behavioral1
Sample
x64 M-Centres 3.3.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
x64 M-Centres 3.3/M-Centres 3.3.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
x64 M-Centres 3.3/M-Centres 3.3.exe.config
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
x64 M-Centres 3.3/Newtonsoft.Json.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
x64 M-Centres 3.3/Newtonsoft.Json.xml
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
x64 M-Centres 3.3.zip
-
Downloads MZ/PE file
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
-
-
Target
x64 M-Centres 3.3/M-Centres 3.3.exe
-
Size
98KB
-
MD5
07c1284cb3dc9a586885bca5ca3301af
-
SHA1
272a41f88d7a05e202ca5a6d9a4e45520eeabe4b
-
SHA256
bd1d7c2527989fef3ed285f30498b7406fcb7080f61a317c6921a71b71df09bb
-
SHA512
2afb1c81d5e9cf9b6c31cb12ec43bfb146f64a2cfb49ee2521b868c20af12ed3847d42f287b24ac61483007be41a38b9e371877bbf659cbd11c020e13ba8188b
-
SSDEEP
1536:P4ehLGUGlUxBOMz6ZMLZl8JWgzHlOnYCUNlYSQaDG9LSCF9FOuzOgu:HyUlfiWgzH+RUNlYS+Kgu
-
Score
1/10
-
-
Target
x64 M-Centres 3.3/M-Centres 3.3.exe.config
-
Size
189B
-
MD5
9dbad5517b46f41dbb0d8780b20ab87e
-
SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e
-
SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf
-
SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8
-
Score
3/10
-
-
Target
x64 M-Centres 3.3/Newtonsoft.Json.dll
-
Size
685KB
-
MD5
081d9558bbb7adce142da153b2d5577a
-
SHA1
7d0ad03fbda1c24f883116b940717e596073ae96
-
SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
-
SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
-
SSDEEP
12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
-
Score
1/10
-
-
Target
x64 M-Centres 3.3/Newtonsoft.Json.xml
-
Size
693KB
-
MD5
f414b3f68fe7c4f094b8fe8382f858c9
-
SHA1
66ee1b3266fcedde433b392156ab4a24262b2f34
-
SHA256
2d46b37b086d6848af5f021d2d7a40581ce78aadd8ee39d309aee4771a0eeccf
-
SHA512
19b2feb40c2e9d4d20d9a21f88f6ecea773060c056b8cbbd21a6eec41486dc5fc101e6c31129b0d53466d04709bcd4ed777058ddfb02532242b43e253a7b24bd
-
SSDEEP
6144:XqqUmk/RikeaG0rH3jGHdl0/InHHpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DUq
-
Score
1/10