fd7af6283feed5a93d769d404bfc3a6f1f8361823cbb51d12a9ee9a5640ae654

Sharing

Copy URL

Twitter E-mail

General

Target

M Centers 8th Edition 8.0.1.3 x64.zip
Size

5.4MB
Sample

241130-rh2g6sznhn
MD5

45e79c6885617d804b3cd32374b73c35
SHA1

4fdbff28617c4a42df7584767bb55970cc071411
SHA256

fd7af6283feed5a93d769d404bfc3a6f1f8361823cbb51d12a9ee9a5640ae654
SHA512

36ab5eb3f2feade7bc8245c9e02ab2885d89d1016667b296f1fb7c0b55ba8448a82a42a6ebe7bb19154e9f27008f1b1fb48d9571572f218714400c582489a772
SSDEEP

98304:h7bWJRBNof5rGnJZ4Kvm0pzrZM8atV4ef2KrqUrMrEDf4OPoiwbEyiO8PKNvlCyQ:hPGHoflA4KvmMXZyfDeUrM8o6PElCyPo

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  M Centers 8th Edition 8.0.1.3 x64.zip
- Size
  
  5.4MB
- MD5
  
  45e79c6885617d804b3cd32374b73c35
- SHA1
  
  4fdbff28617c4a42df7584767bb55970cc071411
- SHA256
  
  fd7af6283feed5a93d769d404bfc3a6f1f8361823cbb51d12a9ee9a5640ae654
- SHA512
  
  36ab5eb3f2feade7bc8245c9e02ab2885d89d1016667b296f1fb7c0b55ba8448a82a42a6ebe7bb19154e9f27008f1b1fb48d9571572f218714400c582489a772
- SSDEEP
  
  98304:h7bWJRBNof5rGnJZ4Kvm0pzrZM8atV4ef2KrqUrMrEDf4OPoiwbEyiO8PKNvlCyQ:hPGHoflA4KvmMXZyfDeUrM8o6PElCyPo
Score

8^/10

discovery exploit
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1
- Target
  
  FluentWPF.dll
- Size
  
  223KB
- MD5
  
  908668ffde26ab371a2ef711206aa05d
- SHA1
  
  95b60c69c199edd937960d22b793f5e6143c00ac
- SHA256
  
  8e136ec981ed7d7abf0c8153db901fcd9e7a311a61e209d88a9ca2b51fc17838
- SHA512
  
  36c1ef092ee2ddd9640c6c74ab2d76bb61f62415892b9bcddf93772b604c4b45c9ef88834aecac76ef2f0fa38317f74b889cd26436ab0c6a998b803cdf7a023e
- SSDEEP
  
  3072:y56b2y/fw0rvK/mYYA7dTLakKj5/gJxJtxAtEjeznuWRamV3QxoHS9:v2uw0rvK5NJbtxiECrZamV3QSHS
Score

1^/10
behavioral2
- Target
  
  M Centers.exe
- Size
  
  1.6MB
- MD5
  
  1d3d75fa1c81b55d68500d95a92807fb
- SHA1
  
  c45be1e05788005a24e4c73628d1f85003890957
- SHA256
  
  5f405489a7f6c67bbcc130ebbb272a99bde94b0d01b1b958f6f05580fb58a2d3
- SHA512
  
  b910ed4d71503d888d004b28b4991f8d5b8635ad0fb708cc987f4996a1f4e6ee22469f0c9c29946913988fea3163c5f6e313fdf643249eba4adf9d5df0cfcc83
- SSDEEP
  
  49152:Lj2I6gR13Be4vZ+5o12w1cRTTQAwnnsn3nmB:nPRNXBGhw1wTEAwnnsn3nmB
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral3
- Target
  
  M Centers.exe.config
- Size
  
  188B
- MD5
  
  fc89142fba7697e848f0e0c5951d86f1
- SHA1
  
  1c2859c0a3629e3857928f61a6f3c268729b905d
- SHA256
  
  d9ff2b6c916e5b42bc486855eebfbd9e5e409c01d49fc264850fde2ac9268820
- SHA512
  
  af708d2240623549e9bc07ee0da11e7efdc202585390f1b008fbd6dcb0374c2d337f55798b05eea3bfbffd9585d304e7941a4f9b4cbad33b88de9c7a4acd46ec
Score

3^/10
behavioral4
- Target
  
  M Centers.pdb
- Size
  
  215KB
- MD5
  
  a0d02eb06dfe43aef9cb905e2b86ebd9
- SHA1
  
  15c475a635fb3f214ee136061dd6ca3b03325793
- SHA256
  
  ca4c956947fdfcae838fd27cf9a719a97ab43f85ab994fccb352662ed0afed37
- SHA512
  
  d07607c0c3e5544fb69ae99a9c6afdcb0c9491071b77b86c741fedcd4f60bc820ebfc2636e862036d44a0aec4994889fa6d6e562ba80db25554dd6094aeb1a25
- SSDEEP
  
  1536:LDDF3NiV/g6C+cp1vxrE3xbEPJuScJCGOiVyfDFUrE3xZJCGOiVy:Lfitg6bcp1vRUwPHTGlygUmGly
Score

3^/10
behavioral5
- Target
  
  MCentersLibrary.dll
- Size
  
  574KB
- MD5
  
  b7e0fae475b740863ff755f83c797d81
- SHA1
  
  1c6ac23e43f0e17d4175f49fb7310bd42bdc1633
- SHA256
  
  a72909c32b024dd8304bd62472a18b778411456af0fc1ac74de762d1258917e3
- SHA512
  
  bad5c407527434bf2b680775fa045cbd70c8be2d41bdbd51822efe20c694ddbc46b3e145055f293b3bdb39fa22a5952750eb83973d3c060f432c10b7ebcbba02
- SSDEEP
  
  6144:5XMGVqzDn8zTxxvofmCKYCpY+H6bNwnS+drQQAGuajh5A3KqyM40NDcL:rY8plUtcpNS+5V/ua2MB
Score

1^/10
behavioral6
- Target
  
  MCentersLibrary.pdb
- Size
  
  2.3MB
- MD5
  
  3871173661f95706fc1e6a5a698d0e77
- SHA1
  
  06abeb102e030ed81d7fff71756fafa85919a5e3
- SHA256
  
  5bd064d84d0650070f855f5c56ef2116f963938e2ae992179041d4dd3977fa1a
- SHA512
  
  56a92b76e4dac37ce64b3485b045255033ebbd72f389efd95ec64e2a262712bf3d2c435ed8b641caf9684a9ff943c333a1dca00f7e769ac802abb7a7c4ebb803
- SSDEEP
  
  49152:/qSKESFQ1i8G+V2Ge9eBNzKQKCKIsb72CnH4MJQ5TlVazyQEJJ6YYBJwdkueWFBr:/eJ8GyZe9eB9KCKIsb72CnH4MJQ5TlVB
Score

3^/10
behavioral7
- Target
  
  MaterialDesignColors.dll
- Size
  
  309KB
- MD5
  
  51544fc07bb8b88d2f1e87b8f4c32ce6
- SHA1
  
  e235a3e713ae6a949acab603d9001efd529cee1c
- SHA256
  
  f06826845732d945421c341c8d1abb337ab9a2e757d90a763ac618aa445bf63e
- SHA512
  
  a775856275b1eb6996509517f86eaa8e9f9c07273164e207abf415ebf19b6ef93d2ef002f29b5e926b5ca6d1861b3dc966aa272876abd7f6a400fd30fa4480a9
- SSDEEP
  
  3072:6MrRCSKC/v3cItK0HefMgKqeN+IrUkxgJ:6MrRCSKC/v3cIpH
Score

1^/10
behavioral8
- Target
  
  MaterialDesignThemes.Wpf.dll
- Size
  
  9.4MB
- MD5
  
  05347205b59c343705c5b1da21d8f9d3
- SHA1
  
  2a019a5a7d0388fe278efa63a7659a987d850aa8
- SHA256
  
  f8144c2d063144a98e6faa4e4d6f11cb3d08d20313e196cdd03addb8186ca6fd
- SHA512
  
  8c29c3aea7f13c0fdd8efcf4646f20ac28a56c5851f9ed27be90d9dc52868f412e52fdc6ab69a25269cc79f7db06fd6416ee8802ff150e375154e36497f6dad1
- SSDEEP
  
  98304:6Xg2XJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCR2fP:6wgnJ45/9iD54+V11bFv4z
Score

1^/10
behavioral9
- Target
  
  MaterialDesignThemes.Wpf.xml
- Size
  
  113KB
- MD5
  
  1bb82bbb22468938d4b9d2d138c548fb
- SHA1
  
  f68f221a82ba44a7b344a3004137b95b3af58c59
- SHA256
  
  d016aa634c248f9f6d954c4e8836996637c8d2f2e01077e99f58d3d64daaddfd
- SHA512
  
  8ec76c197397047fb22a364361beb9c3f323a636a394d50a63d342902c587c9c4ae9bfc5527fb4c0c549626eaf074d179f993c7382d92ed9757fc1a8e577a6f3
- SSDEEP
  
  1536:fj4pgvgbnK9NeW6efGe3PeIlesVbnbKcUggHlwLKCf9xinnH85Kg1MlgkkQitawg:fbhUQHkkQZ75
Score

1^/10
behavioral10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Possible privilege escalation attempt

Executes dropped EXE

Modifies file permissions

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10