General

  • Target

    MrsMajor3.0.exe

  • Size

    381KB

  • Sample

    230507-k41pfadc98

  • MD5

    35a27d088cd5be278629fae37d464182

  • SHA1

    d5a291fadead1f2a0cf35082012fe6f4bf22a3ab

  • SHA256

    4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69

  • SHA512

    eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

  • SSDEEP

    6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7

Malware Config

Targets

    • Target

      MrsMajor3.0.exe

    • Size

      381KB

    • MD5

      35a27d088cd5be278629fae37d464182

    • SHA1

      d5a291fadead1f2a0cf35082012fe6f4bf22a3ab

    • SHA256

      4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69

    • SHA512

      eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

    • SSDEEP

      6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • UAC bypass

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Matrix ATT&CK v6

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks