Overview
overview: score 10
Static
static: score 3
BossDaMajo...or.exe, windows7-x64
BossDaMajo...or.exe, windows10-1703-x64
BossDaMajo...or.exe, windows10-2004-x64
BossDaMajo...or.exe, windows11-21h2-x64
MrsMajor2.0.exe, windows7-x64: score 7
MrsMajor2.0.exe, windows10-1703-x64: score 7
MrsMajor2.0.exe, windows10-2004-x64: score 7
MrsMajor2.0.exe, windows11-21h2-x64: score 7
MrsMajor3.0.exe, windows7-x64: score 10
MrsMajor3.0.exe, windows10-1703-x64: score 10
MrsMajor3.0.exe, windows10-2004-x64: score 10
MrsMajor3.0.exe, windows11-21h2-x64: score 10
General
-
Target
MrsMajors.rar
-
Size
21.2MB
-
Sample
240415-2wbtsaae59
-
MD5
6e7d9fa6177be7125d003b90f4dc0fe8
-
SHA1
c00005385fff65c6f2295575f24591dceefd794a
-
SHA256
816c4baebc97255ce444d2b6575373ea7c0ff89de279503e3106a7f13500d076
-
SHA512
db121e2ed36ce9e2e25730007fc69e37079ff9ce48d4c27129d5d1b656ff3b5f1988b622bcd9e9e64cf54d68eeba0e54ef7f0bfe5ae12879f5a87b09f4a50589
-
SSDEEP
393216:K1Do1hFFwdDUWNzgk/XqIft9N3Q+hQ913LKMC6pDib/Ql/8frkZ91Hzm:KVahsdpNzgkfjft9NA+hQj+MBp+DQafl
Static task
static1
Behavioral task
behavioral1
Sample
BossDaMajor/BossDaMajor.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
BossDaMajor/BossDaMajor.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
BossDaMajor/BossDaMajor.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
BossDaMajor/BossDaMajor.exe
Resource
win11-20240412-en
Behavioral task
behavioral5
Sample
MrsMajor2.0.exe
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
MrsMajor2.0.exe
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
MrsMajor2.0.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral8
Sample
MrsMajor2.0.exe
Resource
win11-20240412-en
Behavioral task
behavioral9
Sample
MrsMajor3.0.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
MrsMajor3.0.exe
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
MrsMajor3.0.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
BossDaMajor/BossDaMajor.exe
-
Size
1.9MB
-
MD5
38ff71c1dee2a9add67f1edb1a30ff8c
-
SHA1
10f0defd98d4e5096fbeb321b28d6559e44d66db
-
SHA256
730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a
-
SHA512
8347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9
-
SSDEEP
49152:veG3J7FtM9SbJakTiTBMGSARaspyyx979PSxgKFdGlYU:2GZxSoJrTiTBMGtRa8t7EFddU
Score
10/10
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies system executable filetype association
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
MrsMajor2.0.exe
-
Size
25.6MB
-
MD5
247a35851fdee53a1696715d67bd0905
-
SHA1
d2e86020e1d48e527e81e550f06c651328bd58a4
-
SHA256
5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d
-
SHA512
a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c
-
SSDEEP
786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
MrsMajor3.0.exe
-
Size
381KB
-
MD5
35a27d088cd5be278629fae37d464182
-
SHA1
d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
-
SHA256
4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
-
SHA512
eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
-
SSDEEP
6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution: 1
    Winlogon Helper DLL: 1
  Event Triggered Execution: 1
    Change Default File Association: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Winlogon Helper DLL: 1
  Abuse Elevation Control Mechanism: 2
    Bypass User Account Control: 2
  Event Triggered Execution: 1
    Change Default File Association: 1
Defense Evasion
  Modify Registry: 6
  Abuse Elevation Control Mechanism: 2
    Bypass User Account Control: 2
  Impair Defenses: 2
    Disable or Modify Tools: 2