Overview

overview

10

Static

static

3

MrsMajor 3.0.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MrsMajor 3.0.7z

  • Size

    234KB

  • Sample

    240502-pydpyabc44

  • MD5

    fedb45ddbd72fc70a81c789763038d81

  • SHA1

    f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a

  • SHA256

    eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2

  • SHA512

    813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298

  • SSDEEP

    6144:HMMAgnxjSgdHCueEVIzAMAcqXvYEC86TFSQ:HagxjSg1xrIzAMAcuI5TFT

Score
10/10
agilenetdiscoveryevasiontrojan

Malware Config

Targets

    • Target

      MrsMajor 3.0.exe

    • Size

      381KB

    • MD5

      35a27d088cd5be278629fae37d464182

    • SHA1

      d5a291fadead1f2a0cf35082012fe6f4bf22a3ab

    • SHA256

      4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69

    • SHA512

      eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

    • SSDEEP

      6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7

    Score
    10/10
    agilenetdiscoveryevasiontrojan

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks