Overview

overview

10

Static

static

10

befd8b5b90...b6.dll

windows7_x64

3

befd8b5b90...b6.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    befd8b5b90ef38e3d04711b0aae55805149ad1f3c77eb39bc9002760ce1684b6

  • Size

    135KB

  • Sample

    220131-zq3zzabghp

  • MD5

    74668e84ee38695216ef737f389dc55c

  • SHA1

    e4d6928f6592a2a38d880cff7e0f30db2a15896e

  • SHA256

    befd8b5b90ef38e3d04711b0aae55805149ad1f3c77eb39bc9002760ce1684b6

  • SHA512

    90a550498a77284e5a936d92513994976ed5b67ffd8f5ca1476570f1c7307f69ed8400e86ab2588d24c77df66279daca98e4735b1b650cf46770093a7d1b8c24

Score
10/10
plugxpersistence

Malware Config

Extracted

Family

plugx

C2

rainydaysweb.com:80

rainydaysweb.com:443

rainydaysweb.com:53
Mutex

dhHRYvLNaOVJXZdDsbdc

Attributes
  • folder

    AAM UpdatesblF

Targets

    • Target

      befd8b5b90ef38e3d04711b0aae55805149ad1f3c77eb39bc9002760ce1684b6

    • Size

      135KB

    • MD5

      74668e84ee38695216ef737f389dc55c

    • SHA1

      e4d6928f6592a2a38d880cff7e0f30db2a15896e

    • SHA256

      befd8b5b90ef38e3d04711b0aae55805149ad1f3c77eb39bc9002760ce1684b6

    • SHA512

      90a550498a77284e5a936d92513994976ed5b67ffd8f5ca1476570f1c7307f69ed8400e86ab2588d24c77df66279daca98e4735b1b650cf46770093a7d1b8c24

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks