816c4baebc97255ce444d2b6575373ea7c0ff89de279503e3106a7f13500d076

Resubmissions

25-04-2024 18:30

240425-w5sk1ade57 10

15-04-2024 22:55

240415-2wbtsaae59 10

Sharing

Copy URL

Twitter E-mail

General

Target

MrsMajors.rar
Size

21.2MB
Sample

240415-2wbtsaae59
MD5

6e7d9fa6177be7125d003b90f4dc0fe8
SHA1

c00005385fff65c6f2295575f24591dceefd794a
SHA256

816c4baebc97255ce444d2b6575373ea7c0ff89de279503e3106a7f13500d076
SHA512

db121e2ed36ce9e2e25730007fc69e37079ff9ce48d4c27129d5d1b656ff3b5f1988b622bcd9e9e64cf54d68eeba0e54ef7f0bfe5ae12879f5a87b09f4a50589
SSDEEP

393216:K1Do1hFFwdDUWNzgk/XqIft9N3Q+hQ913LKMC6pDib/Ql/8frkZ91Hzm:KVahsdpNzgkfjft9NA+hQj+MBp+DQafl

Score

10^/10

Malware Config

Targets

- Target
  
  BossDaMajor/BossDaMajor.exe
- Size
  
  1.9MB
- MD5
  
  38ff71c1dee2a9add67f1edb1a30ff8c
- SHA1
  
  10f0defd98d4e5096fbeb321b28d6559e44d66db
- SHA256
  
  730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a
- SHA512
  
  8347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9
- SSDEEP
  
  49152:veG3J7FtM9SbJakTiTBMGSARaspyyx979PSxgKFdGlYU:2GZxSoJrTiTBMGtRa8t7EFddU
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies system executable filetype association
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  MrsMajor2.0.exe
- Size
  
  25.6MB
- MD5
  
  247a35851fdee53a1696715d67bd0905
- SHA1
  
  d2e86020e1d48e527e81e550f06c651328bd58a4
- SHA256
  
  5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d
- SHA512
  
  a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c
- SSDEEP
  
  786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  MrsMajor3.0.exe
- Size
  
  381KB
- MD5
  
  35a27d088cd5be278629fae37d464182
- SHA1
  
  d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
- SHA256
  
  4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
- SHA512
  
  eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
- SSDEEP
  
  6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7
Score

10^/10

agilenet evasion trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral10 behavioral11 behavioral12 behavioral9