Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Trojan.Mrs....0.exe

windows7-x64

10

Trojan.Mrs....0.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f03f28a6a90e5554ebe5da0890e108d3c6ac0316ff31f451565fcd7df86c893b.zip

  • Size

    24.0MB

  • Sample

    250327-vx44dsxny3

  • MD5

    055969990513264e50214409e3d2e3d1

  • SHA1

    584a497aef49d28c67f108da5b411408d0c2e764

  • SHA256

    f03f28a6a90e5554ebe5da0890e108d3c6ac0316ff31f451565fcd7df86c893b

  • SHA512

    433c49e3824d24b89a862140d8f55461efe5d1914652277e6064e9bb039f5b528c3d71b211b75cd1248062910cf64595dcc38e6edcb746f9f2debff0091cf7cb

  • SSDEEP

    393216:ynqXEjbezdyzJi2lVXlZqxWD6OSocZJghA3PYdlb5Z+erzIv0vsfRvaTIZKXJCLm:CUkzJicXHiGq4+3PchvA4sZvaUUZCfeb

Score
10/10
defense_evasiondiscoveryevasionexploitpersistencetrojan

Malware Config

Targets

    • Target

      Trojan.MrsMajor2.0.exe

    • Size

      25.6MB

    • MD5

      247a35851fdee53a1696715d67bd0905

    • SHA1

      d2e86020e1d48e527e81e550f06c651328bd58a4

    • SHA256

      5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d

    • SHA512

      a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c

    • SSDEEP

      786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2

    Score
    10/10
    defense_evasiondiscoverytrojanevasionexploitpersistence

    • Modifies WinLogon for persistence

      persistence

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • UAC bypass

      defense_evasiontrojan

    • Disables RegEdit via registry modification

      defense_evasion

    • Disables Task Manager via registry modification

      defense_evasion

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

File and Directory Permissions Modification

1
T1222

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

6
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks