eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2 | Triage

Submit
Reports

Overview

overview

Static

static

1

MrsMajor 3.0.7z

windows7-x64

MrsMajor 3.0.7z

windows10-2004-x64

7

Sharing

General

Target

MrsMajor 3.0.7z
Size

234KB
Sample

240308-nexg9see9y
MD5

fedb45ddbd72fc70a81c789763038d81
SHA1

f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
SHA256

eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
SHA512

813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298
SSDEEP

6144:HMMAgnxjSgdHCueEVIzAMAcqXvYEC86TFSQ:HagxjSg1xrIzAMAcuI5TFT

Score

10^/10

agilenet evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

MrsMajor 3.0.7z

Resource

win7-20240221-en

agilenet evasion trojan upx

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

MrsMajor 3.0.7z

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  MrsMajor 3.0.7z
- Size
  
  234KB
- MD5
  
  fedb45ddbd72fc70a81c789763038d81
- SHA1
  
  f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
- SHA256
  
  eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
- SHA512
  
  813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298
- SSDEEP
  
  6144:HMMAgnxjSgdHCueEVIzAMAcqXvYEC86TFSQ:HagxjSg1xrIzAMAcuI5TFT
Score

10^/10

agilenet evasion trojan upx
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

agilenetevasiontrojanupx

behavioral2

© 2018-2024

Terms | Privacy