9bd31a3fe86402deb4093397011f9b3eea295f77eeb0ffd5cd27ded039e18468 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

plugx1.zip
Size

28KB
Sample

200713-r6v9yrjpve
MD5

9afd2aad1a8cc491b118ccaf019be412
SHA1

8951f86a7a4d82bf9dd382256a72f5c41403427b
SHA256

9bd31a3fe86402deb4093397011f9b3eea295f77eeb0ffd5cd27ded039e18468
SHA512

26907246b813b5908f87d99d95f7198c16a586441e944c81ed96dfd32763cacf309c47f5525891fd76eba931a459366d701d84624389fde4680df0e756acf657

Score

8^/10

evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  5614bd0a2e2c2ca4194e99e2f848535fa9a16157bd78cae268cf2b3eda6e54c2.exe
- Size
  
  77KB
- MD5
  
  de2147bd349bd429db6ed0149736465e
- SHA1
  
  b386fab1ca019046c87fbda87be360ba276defd6
- SHA256
  
  5614bd0a2e2c2ca4194e99e2f848535fa9a16157bd78cae268cf2b3eda6e54c2
- SHA512
  
  44087c162fb48a05766c893e1ba64f9c2df28ff0bb8951287af517420f0bae5aa362e1a3ed89cda1b73900bd2ce8a4f9f3a14f5e74d8392de361f007647fa76a
Score

8^/10

evasion trojan persistence spyware
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanpersistencespyware

behavioral2