General

  • Target

    MrsMajor 3.0.exe

  • Size

    381KB

  • Sample

    220706-e95mpaghej

  • MD5

    35a27d088cd5be278629fae37d464182

  • SHA1

    d5a291fadead1f2a0cf35082012fe6f4bf22a3ab

  • SHA256

    4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69

  • SHA512

    eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

Score
10/10

Malware Config

Targets

    Signatures

    • UAC bypass

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check (run or abort depending on the victim's region).

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.NET commercial obfuscator, which is capable of renaming entities (types, methods, fields) and obfuscating control flow, so static analysis of the .NET assembly will be harder than usual.
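Three of the signatures above (Executes dropped EXE, Loads dropped DLL, Checks computer location settings) are behavioural: they come from correlating a file write by the sample with a later process start or image load of that same path, and from a registry query of the configured country code. The script below is an added example of that correlation logic, written for this page; it is not the sandbox's own detector and not code from the sample. The event stream is constructed here in a Procmon-like shape (ProcessCreate / FileWrite / ImageLoad / RegQueryValue), and the registry values it treats as "location settings" (HKCU\Control Panel\International\Geo\Nation, Geo\Name, LocaleName) are an assumption about where such a check typically reads, not something the report states.

```python
"""Replay a constructed Procmon-style event stream and reproduce three of the
report's behavioural signatures by correlating events across the sample's
process tree. Added example for this page; not the sandbox's own code."""
from typing import Dict, List, Set, Tuple

# Constructed events, not taken from the report. Paths and PIDs are invented.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"op": "ProcessCreate", "pid": 4120, "ppid": 3000,
     "path": r"C:\Users\lab\Desktop\MrsMajor 3.0.exe"},
    # country code lookup by the sample itself
    {"op": "RegQueryValue", "pid": 4120,
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "FileWrite", "pid": 4120,
     "path": r"C:\Users\lab\AppData\Local\Temp\stage2.exe"},
    {"op": "FileWrite", "pid": 4120,
     "path": r"C:\Users\lab\AppData\Local\Temp\support.dll"},
    # the dropped EXE is started as a child of the sample
    {"op": "ProcessCreate", "pid": 4188, "ppid": 4120,
     "path": r"C:\Users\lab\AppData\Local\Temp\stage2.exe"},
    # the dropped DLL is loaded by that child; a system DLL load is noise
    {"op": "ImageLoad", "pid": 4188,
     "path": r"C:\Users\lab\AppData\Local\Temp\support.dll"},
    {"op": "ImageLoad", "pid": 4188, "path": r"C:\Windows\System32\kernel32.dll"},
    # an unrelated process reading the same key must not be attributed to the sample
    {"op": "RegQueryValue", "pid": 900,
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
]

# Assumed registry values that hold the configured country/locale (lower-case suffixes).
GEO_VALUE_SUFFIXES = (
    r"\control panel\international\geo\nation",  # numeric GeoID
    r"\control panel\international\geo\name",    # ISO country code (newer Windows)
    r"\control panel\international\localename",  # e.g. en-US
)


def triage(events: List[Dict[str, object]], root_image: str) -> List[Tuple[str, str]]:
    """Return (signature, path) findings for the process tree rooted at root_image.

    Events must be in chronological order: a file has to be written before its
    execution or load counts as 'dropped', and a parent must be created before
    its child for lineage tracking to work."""
    root = root_image.lower()
    lineage: Set[int] = set()          # PIDs belonging to the sample's process tree
    dropped: Dict[str, int] = {}       # lower-cased path -> PID that wrote it
    findings: List[Tuple[str, str]] = []

    for ev in events:
        op, pid, path = str(ev["op"]), int(ev["pid"]), str(ev["path"])  # type: ignore[arg-type]
        key = path.lower()

        if op == "ProcessCreate":
            # The sample itself, or any descendant of a PID already in the tree.
            if key == root or int(ev["ppid"]) in lineage:  # type: ignore[arg-type]
                lineage.add(pid)
            if key in dropped and dropped[key] in lineage:
                findings.append(("Executes dropped EXE", path))
            continue

        if pid not in lineage:
            continue  # only attribute behaviour to the sample's own tree

        if op == "FileWrite" and key.endswith((".exe", ".dll")):
            dropped[key] = pid
        elif op == "ImageLoad" and key.endswith(".dll") and key in dropped:
            findings.append(("Loads dropped DLL", path))
        elif op == "RegQueryValue" and key.endswith(GEO_VALUE_SUFFIXES):
            findings.append(("Checks computer location settings", path))

    return findings


if __name__ == "__main__":
    for sig, detail in triage(SAMPLE_EVENTS, r"C:\Users\lab\Desktop\MrsMajor 3.0.exe"):
        print(f"{sig:36s} {detail}")
```

The lineage filter is the part that matters in practice: the same registry value is read legitimately by Explorer and by locale-aware applications, so a geofence verdict only holds when the reader is the sample or one of its children. Likewise "dropped" means written by the tree under analysis, which is why a load of kernel32.dll is ignored even though it is a DLL load by a child of the sample.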

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                 Technique                      Count  ID
Privilege Escalation   Bypass User Account Control      1    T1088
Defense Evasion        Bypass User Account Control      1    T1088
Defense Evasion        Disabling Security Tools         1    T1089
Defense Evasion        Modify Registry                  2    T1112
Discovery              Query Registry                   1    T1012
Discovery              System Information Discovery     2    T1082

Count is the number of report signatures mapped to that technique. The IDs are from ATT&CK v6; in current ATT&CK versions T1088 has been replaced by T1548.002 (Abuse Elevation Control Mechanism: Bypass User Account Control) and T1089 by T1562.001 (Impair Defenses: Disable or Modify Tools), so map them before feeding this into tooling that only knows the current matrix.

Tasks