General
-
Target
MrsMajor2.0.exe
-
Size
25.6MB
-
Sample
230218-p5qcbacb99
-
MD5
247a35851fdee53a1696715d67bd0905
-
SHA1
d2e86020e1d48e527e81e550f06c651328bd58a4
-
SHA256
5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d
-
SHA512
a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c
-
SSDEEP
786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2
Static task
static1
Behavioral task
behavioral1
Sample
MrsMajor2.0.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
MrsMajor2.0.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
MrsMajor2.0.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies system executable filetype association
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Modifies file permissions
-
Adds Run key to start application
-
Drops file in System32 directory
-