General

  • Target: 59aaa2b8116ba01c1b37937db37213ff1f4a8552a7211ab21f73ffac2c0c13ce
  • Size: 699KB
  • Sample: 220128-w91r6safam
  • MD5: 0d3fbc842a430f5367d480dd1b74449b
  • SHA1: bd2533005a2eaed203054fd649fdbdcd3e3a860a
  • SHA256: 59aaa2b8116ba01c1b37937db37213ff1f4a8552a7211ab21f73ffac2c0c13ce
  • SHA512: aa06bebcb55175fb9dd08eb1810d72ef598a85fa8bf548609b5d6c3b7c7ee68e7b660436b29d4b189eae3631bcf0fffa6112989ca99a52d1ada3740ee16289de

Malware Config

Extracted

  • Family: plugx
  • C2:
    www.apple-net.com:80
    www.apple-net.com:53
    www.apple-net.com:8080
    www.apple-net.com:443
  • Mutex:
  • Attributes:
    folder: ESET Malware ProtectionOWT

Targets

    • Target: 59aaa2b8116ba01c1b37937db37213ff1f4a8552a7211ab21f73ffac2c0c13ce (hashes as listed under General above)

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks