General

Target: MrsMajor 3.0.zip
Size: 718KB
Sample: 240513-m5h7wscd52
MD5: 1ba1c2c09aec0555b2735de46ca99837
SHA1: bcf87747109a6c0c77bbb4304b5d2d5cc4f1d05b
SHA256: 88d20370bb431865ebd0f8fee1d22e27192cfed6abf96f5e37e258d35fcf83be
SHA512: 0f4fd0c050004ada90867372f7682ac0c58e12e32ee4a92dafa27978772b36b0686196d2244dddfc18ca817e4ba59051208c25dbae2de6382957c60a23bc19e2
SSDEEP: 12288:8v2uSBZjT5gj1YLHA5gL3Foozppgxa9mP29uu30F2GD/J9aKogClwwSPqTj:8eJpijSLHBL3d14wVSB/ogCuwSPqf
Static task: static1

Behavioral task: behavioral1
Sample: 2IPStartGuard.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 2IPStartGuard.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: MrsMajor 3.0.exe
Resource: win7-20240215-en
Malware Config

Targets

Target: 2IPStartGuard.exe
Size: 492KB
MD5: af6513111d716fb785873eb7a1b82be0
SHA1: f5cef19010bc3536048bca085b70c95356414e08
SHA256: 92b1e608f6db89b696b672d9fa653174de7b2cb6a78282a83cee11f4c8907740
SHA512: 61451f24d09b99c07127a9f93285f2ec33eab0cdfe79f88cca86d2e0da4afa92d7de9920af9ad315245052270f11cd80018fb43fe4d82dabffd193a3a0b15612
SSDEEP: 12288:Z2eavDVp0149mp2XGuR0TJ0GjHF9eKY2QZww+Pq0k:Z2eWBEsZyfY2Q6w+Pq7
Score: 7/10

- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: MrsMajor 3.0.exe
Size: 381KB
MD5: 35a27d088cd5be278629fae37d464182
SHA1: d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256: 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512: eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
SSDEEP: 6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7

- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)