General

  • Target

    MrsMajor2.0.exe

  • Size

    25.6MB

  • Sample

    241123-wyy47szlfw

  • MD5

    247a35851fdee53a1696715d67bd0905

  • SHA1

    d2e86020e1d48e527e81e550f06c651328bd58a4

  • SHA256

    5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d

  • SHA512

    a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c

  • SSDEEP

    786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2

Malware Config

Targets

    • Target

      MrsMajor2.0.exe

    • Size

      25.6MB

    • MD5

      247a35851fdee53a1696715d67bd0905

    • SHA1

      d2e86020e1d48e527e81e550f06c651328bd58a4

    • SHA256

      5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d

    • SHA512

      a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c

    • SSDEEP

      786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies file permissions

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks