General

  • Target

    Folder

  • Size

    876KB

  • Sample

    210614-j124726z9e

  • MD5

    710ed49d2ea4c31614ec7167fc2dd67c

  • SHA1

    f5b961ce09e158c3c1d9531767ace98f3d173550

  • SHA256

    956afc0c6d10b544f71fee126a4fd36f91fb64c2ed86b73ea1b44dc57a7e2082

  • SHA512

    188480ca9dd4fab70f5b0142d03c0409365644794e3097a543bf4d29a122b7f3cc2ea2b59430e8aff5f36b264d027e3c0e71d07e89e7bc296cdaba2dde0e1e55

Score
10/10

Malware Config

Targets

    • Target

      Folder

    • PlugX

      PlugX is a remote access trojan (RAT) that has been in use since 2008 and is typically delivered by DLL side-loading: a legitimate signed executable loads a malicious DLL dropped beside it.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running only on, or avoiding, systems in particular regions).

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
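Signatures like the ones listed above are predicates evaluated over the sandbox's API trace. The Python below is an added example, not code from the report or from the sandbox vendor: it runs a minimal rule set over a constructed, simplified API-monitor trace (one dict per call) and maps events to the six signature names in this report. The trace format, the `parent_pid` field used to detect parent-PID spoofing, and the choice of registry keys and IP-lookup hostnames are assumptions; the registry paths and hostnames themselves are real, but whether the sandbox checks exactly these is not stated on the page.

```python
"""Map API-trace events to the behavioural signatures listed in the report.

Added example, not part of the sandbox report or the sandbox's own rule code.
The event format is a constructed, simplified API-monitor trace; real sandboxes
emit richer records, but the matching logic is the same: each signature is a
predicate over the event stream.
"""
import re
from collections import defaultdict

# Registry keys that reveal the configured locale/region (real Windows paths;
# that the sandbox checks exactly these is an assumption).
LOCALE_KEYS = (
    r"HKEY_CURRENT_USER\Control Panel\International",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language",
)
# Public services commonly used to discover an external IP (real hostnames, illustrative list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ipinfo.io", "checkip.dyndns.org"}
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)


def match_signatures(events):
    """Return {signature_name: [indices of matching events]} for a list of events."""
    hits = defaultdict(list)
    dropped = set()  # paths the sample wrote, so a later load of one is 'Loads dropped DLL'
    for i, ev in enumerate(events):
        api = ev["api"]
        args = ev.get("args", {})
        if api == "NtCreateUserProcess":
            # Parent-PID spoofing: the parent recorded for the new process (via
            # PROC_THREAD_ATTRIBUTE_PARENT_PROCESS) differs from the calling process.
            # 'parent_pid' is a constructed field standing in for the resolved handle.
            if args.get("parent_pid") not in (None, ev["pid"]):
                hits["Suspicious use of NtCreateUserProcessOtherParentProcess"].append(i)
        elif api in ("RegQueryValueExW", "RegQueryValueExA"):
            key = args.get("key", "").upper()
            if any(key.startswith(k.upper()) for k in LOCALE_KEYS):
                hits["Checks computer location settings"].append(i)
        elif api == "NtWriteFile":
            path = args.get("path", "")
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                hits["Drops file in System32 directory"].append(i)
        elif api == "LdrLoadDll":
            if args.get("path", "").lower() in dropped:
                hits["Loads dropped DLL"].append(i)
        elif api in ("InternetConnectW", "WinHttpConnect"):
            if args.get("host", "").lower() in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(i)
        elif api == "SetThreadContext":
            # Simplification: flag every call. A production rule would also require the
            # target thread to belong to another process (the hollowing pattern).
            hits["Suspicious use of SetThreadContext"].append(i)
    return dict(hits)


# Constructed trace for illustration; it is not the trace behind this report.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "LdrLoadDll", "args": {"path": r"C:\Windows\System32\kernel32.dll"}},
    {"pid": 1000, "api": "NtWriteFile", "args": {"path": r"C:\ProgramData\Update\loader.dll"}},
    {"pid": 1000, "api": "LdrLoadDll", "args": {"path": r"C:\ProgramData\Update\loader.dll"}},
    {"pid": 1000, "api": "NtWriteFile", "args": {"path": r"C:\Windows\System32\update.dat"}},
    {"pid": 1000, "api": "RegQueryValueExW",
     "args": {"key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Update"}},
    {"pid": 1000, "api": "RegQueryValueExW",
     "args": {"key": r"HKEY_CURRENT_USER\Control Panel\International", "value": "LocaleName"}},
    {"pid": 1000, "api": "InternetConnectW", "args": {"host": "api.ipify.org", "port": 80}},
    {"pid": 1000, "api": "NtCreateUserProcess",
     "args": {"image": r"C:\Windows\System32\svchost.exe", "parent_pid": 4242}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"thread_id": 5678}},
    {"pid": 1000, "api": "NtCreateUserProcess",
     "args": {"image": r"C:\Windows\System32\cmd.exe", "parent_pid": 1000}},  # honest parent, no hit
]

if __name__ == "__main__":
    for name, idx in sorted(match_signatures(SAMPLE_TRACE).items()):
        print(f"{name}: events {idx}")
```

The benign events (the kernel32.dll load, the Run-key read, the process created with its real parent) produce no hits, which is the property a rule set like this has to preserve to keep the score meaningful.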

MITRE ATT&CK Enterprise v6

Tasks