plugx

Resubmissions

05-08-2021 11:34

210805-3hmtrhklp2 10

05-08-2021 11:29

210805-8ee9f9c312 1

Sharing

Copy URL

Twitter E-mail

General

Target

AcroRd32DQe.bin
Size

293KB
Sample

210805-3hmtrhklp2
MD5

187a89cf24890c3af628219d0d9ae881
SHA1

5b1ba0821ca5461ced123cc646dd5823504075f5
SHA256

f949b78b040cbfc95aafb50ef30ac3e8c16771c6b926b6f8f1efe44a1f437d51
SHA512

aaf9203cda730018988f38c4734b144d0f83e61e3a342c6c26f3668b2e6860d95558da39bc11d3a7d4683f74059e144fc0c98ebe05acde501012caf3609263ef

Score

10^/10

Malware Config

Extracted

Family

plugx

45.134.83.41:443

45.134.83.41:8080

45.134.83.41:80

Mutex

jqcdxvOfUAlRGUCUknxZ

Attributes

folder
AcroRd32DQe

Targets

- Target
  
  AcroRd32DQe.bin
- Size
  
  293KB
- MD5
  
  187a89cf24890c3af628219d0d9ae881
- SHA1
  
  5b1ba0821ca5461ced123cc646dd5823504075f5
- SHA256
  
  f949b78b040cbfc95aafb50ef30ac3e8c16771c6b926b6f8f1efe44a1f437d51
- SHA512
  
  aaf9203cda730018988f38c4734b144d0f83e61e3a342c6c26f3668b2e6860d95558da39bc11d3a7d4683f74059e144fc0c98ebe05acde501012caf3609263ef
Score

10^/10

plugx persistence trojan
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2