General

  • Target

    93d33626886e97abf4087f5445b2a02738ea21d8624b3f015625cd646e9d986e

  • Size

    204KB

  • Sample

    210802-ngpw47w9hj

  • MD5

    27f49c4608311a736ef96673b2300531

  • SHA1

    da24c13d479932796e992c1f42e979e637e476d0

  • SHA256

    93d33626886e97abf4087f5445b2a02738ea21d8624b3f015625cd646e9d986e

  • SHA512

    8a698f8ac861e5545141e36faf35e91123cdb9ddaa2f7d8923ca4d80cf276325ccba900321b3b503473d2769c93a92ec6fa9bd2c2b3f2b3552202fdf25f7d30c

Malware Config

Extracted

Family

plugx

C2

rainydaysweb.com:80

rainydaysweb.com:443

rainydaysweb.com:53

Mutex

dhHRYvLNaOVJXZdDsbdc

Attributes
  • folder

    AAM UpdatesblF

Targets

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks