General
- Target: MrsMajor3.0.exe
- Size: 22.1MB
- Sample: 220921-lwsjjagab4
- MD5: 41be05ddeba107c84bec48eaadb1b698
- SHA1: e822d44f99418e1a4c97ead9d105277f1b0beeba
- SHA256: c07cd03f19c84c065df380bd760bbfa8180429ea845837f12ea8a64f265e4358
- SHA512: 7a13a82de27d7d1eb9627a56c198166d724b5eb0e5b08545c7bc29838249323fd444916a5dbbd503c39a2db2aa2c598607278e8a129f99c984817e867a41f58b
- SSDEEP: 49152:3QEde0LgY0YPAb/ArM7WzgEhDpYNnCAGTtaha+OGA+dZDBlF26COKn1F/ufwTRra:3Qz+04D+i4DBz2NHlruSSDll
Static task: static1
Behavioral task: behavioral1
- Sample: MrsMajor3.0.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Executes dropped EXE
- Possible privilege escalation attempt
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
- Adds Run key to start application
- Sets desktop wallpaper using registry