Overview

overview

10

Static

static

3

MrsMajor2.0.exe

windows7-x64

Resubmissions

15-04-2024 23:58

240415-31jwmabg94 10

15-04-2024 23:57

240415-3zrj3sbg69 10

15-04-2024 23:55

240415-3ypn4adf8y 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MrsMajor2.0.bin.zip

  • Size

    24.0MB

  • Sample

    240415-31jwmabg94

  • MD5

    82faca51fa050743351ba4db3d789d3f

  • SHA1

    72c09ce303d2431568d5bae45060678af373a9a0

  • SHA256

    6f1bdf0ca70d93ed6756b2239bca7e077817ff30c31a9024222478add654caec

  • SHA512

    6c0e1e034493f868d15aa4d8a719d4034f32abe5de29a7db75a2560874e37e008a6bd19ef4e7be14dc155437be0ababc3b8a91d1d9349be4f030224cfc0ef7cb

  • SSDEEP

    393216:A/7tMMtCa2fL1RJf5aTP3H/0+BvrMJIMys0xpSH/19rXXVqyUvjHx9XRbrXEfOm:wn6zZ5yFvrWIZtGVqyU7HbX2N

Score
10/10
discoveryevasionexploitpersistencetrojan

Malware Config

Targets

    • Target

      MrsMajor2.0.bin

    • Size

      25.6MB

    • MD5

      247a35851fdee53a1696715d67bd0905

    • SHA1

      d2e86020e1d48e527e81e550f06c651328bd58a4

    • SHA256

      5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d

    • SHA512

      a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c

    • SSDEEP

      786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2

    Score
    10/10
    discoveryevasionexploitpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Possible privilege escalation attempt

      exploit

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

5
T1112

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

File and Directory Permissions Modification

1
T1222

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks