5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d | Triage

Submit
Reports

Overview

overview

Static

static

1

MrsMajor2.0.exe

windows7-x64

MrsMajor2.0.exe

windows10-2004-x64

Sharing

General

Target

MrsMajor2.0.exe
Size

25.6MB
Sample

230218-p5qcbacb99
MD5

247a35851fdee53a1696715d67bd0905
SHA1

d2e86020e1d48e527e81e550f06c651328bd58a4
SHA256

5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d
SHA512

a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c
SSDEEP

786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2

Score

10^/10

discovery evasion exploit persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

MrsMajor2.0.exe

Resource

win7-20220812-en

discovery evasion exploit persistence trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

MrsMajor2.0.exe

Resource

win10v2004-20221111-en

discovery evasion exploit persistence trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  MrsMajor2.0.exe
- Size
  
  25.6MB
- MD5
  
  247a35851fdee53a1696715d67bd0905
- SHA1
  
  d2e86020e1d48e527e81e550f06c651328bd58a4
- SHA256
  
  5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d
- SHA512
  
  a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c
- SSDEEP
  
  786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2
Score

10^/10

discovery evasion exploit persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistencetrojan

behavioral2

discoveryevasionexploitpersistencetrojan

© 2018-2024

Terms | Privacy