General

  • Target

    MrsMajor-3.0-master.zip

  • Size

    5.2MB

  • Sample

    221228-ved49aah75

  • MD5

    3251e9a3d318a4c9b90f318ff3c3a93c

  • SHA1

    c57d73b9998572826e0ea2861b6e185720ef5eee

  • SHA256

    0c8f8d566cde1484ae2c98dc0d8f58d3eac6dd63e3e79fbcb0f25f3afa5e8fa0

  • SHA512

    74e934b13e626d9fc09c237921158d0e27f0e2c724f8c557177d2c83d81b859742109a08d3948ab6518833c58e70f585de9b2bcfa1e39807c87926caf681d8ea

  • SSDEEP

    98304:fnlpwJgGCw4z/3l00wVUMXVc0BWta+jutTz/iQ4iXnVd76UQyWdLVruh4LSB:Plaew4z/3l0bOqGptWtiFa7kyWpV6K2B

Targets

    • Target

      MrsMajor-3.0-master/MrsMajor 3.0/gdifuncs/gdifuncs/MainForm.resx

    • Size

      9KB

    • MD5

      d19bfe025a1e108c7f40726f7464c704

    • SHA1

      3c4e76bee0342f34b7b89558d5c8f70ecc5a8d16

    • SHA256

      2c010bf834abb902303eb0bf7d900870f1700c20e9e10fc99146c0fb1aa295d0

    • SHA512

      042d9096bb7d05a60d3878f25da1beb56602a53d2a46ca7898f1876d5ee53bec81284556934a87f0256bf588ff2602b16d0679ee5f62faaaa124da6d8c3e0e70

    • SSDEEP

      192:KjrbLPD9sLvIzSvKgIqUyahFsbawbbawFbawkgwrvgjPMg55Bl:KjrbLPxsLvASvKgwyahFaawHawxawkgZ

    Score
    8/10
    • Modifies Installed Components in the registry

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      MrsMajor-3.0-master/MrsMajor 3.0/gdifuncs/gdifuncs/majorsgui.resx

    • Size

      7.4MB

    • MD5

      9bbe09ece781fdbf55e632d73e006b84

    • SHA1

      bf279167c8c3a0c4ff53900011f260302880edbd

    • SHA256

      7ef4256b98b031c117ba233529fdfd90aa9705ee98ba0656a2447d4ef7f53726

    • SHA512

      8e5d2d4a16d788b39020d300cd588630e01a8921bcf1931717126578f6abad6cb0ea6c7fe19ff085641dfb35d275e9bc0014f2c2bfcba50c05877599ec01a126

    • SSDEEP

      49152:YXEHwXfZpRmmtKI+gKQW0WV6mAYlwJnNWIvcShsf2v/6TxImhwVa2t5Xto4EaClX:L

    Score
    8/10
    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Target

      MrsMajor-3.0-master/MrsMajor 3.0/gdifuncs/gdifuncs/pinksavage.resx

    • Size

      7KB

    • MD5

      ca1ead260aa4479e6b8cdc3de71e32f7

    • SHA1

      ab09f35430472d6cd2f85885a98e7598a99c9ac7

    • SHA256

      2c7bae9786e1af3e35e2df5cd65d0fab52ec031f7909f0ec1afb5f5cff92e91f

    • SHA512

      7176146e1cba02403876db7b81ebed0ea59aa9da460549ac25dc6537b442134947ff5f92cd4ddb6125a051cbf7feb3cc93d97602ed996db42bb45198bf10abae

    • SSDEEP

      192:KjrbLPD9sLvIzSvKgIqUyahFsbaw6gwrvNEn5ONl:KjrbLPxsLvASvKgwyahFaaw6gwrvNEnA

    Score
    1/10
    • Target

      MrsMajor-3.0-master/MrsMajor 3.0/gdifuncs/gdifuncs/protection64.resx

    • Size

      8KB

    • MD5

      c542c7babe5c42a5cab239aa7b35f5c0

    • SHA1

      028f6d9b84ad3b48c1d08801de52d2f22b15e18b

    • SHA256

      ebc9a96ac89eced8960ea403055f90fa01d357817f327d8599a93e813b3b8fc6

    • SHA512

      5de6c2f6b0aa28093969f5417f599c6d78ca7c47a67e629528f1b8dd088b622cbbe9a01bd2f08cac9bfcff3c5d4f1a03ebb8d75b369e775c7bbe41c203faca6a

    • SSDEEP

      192:KjrbLPD9sLvIzSvKgIqUyahFUgwrvNWBVl:KjrbLPxsLvASvKgwyahFUgwrvNWBVl

    Score
    1/10
