plugx | a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3 | Triage

Submit
Reports

Overview

overview

Static

static

a8e2b38c57...a3.exe

windows7_x64

a8e2b38c57...a3.exe

windows10_x64

a8e2b38c57...a3.exe

windows10-2004_x64

Resubmissions

24-02-2022 11:14

220224-nb4r6schd4 10

22-02-2022 08:33

220222-kfyj6sfggn 8

Sharing

General

Target

a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3
Size

267KB
Sample

220224-nb4r6schd4
MD5

e99b341dfd3147e5bbb385e7cc5e5e17
SHA1

e5d152281a61be6db5f3d8d42d985210c4faf283
SHA256

a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3
SHA512

74d9a6d521dcc6a74c47511185efa3d026d72ee03e4986fb700c1c0555a5511cc7f2c85de9ad2da6373683f3578275c3f7561f664115bfaa054be32b05bcd14c

Score

10^/10

plugx trojan

Static task

static1

Behavioral task

behavioral1

Sample

a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3.exe

Resource

win7-20220223-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3
- Size
  
  267KB
- MD5
  
  e99b341dfd3147e5bbb385e7cc5e5e17
- SHA1
  
  e5d152281a61be6db5f3d8d42d985210c4faf283
- SHA256
  
  a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3
- SHA512
  
  74d9a6d521dcc6a74c47511185efa3d026d72ee03e4986fb700c1c0555a5511cc7f2c85de9ad2da6373683f3578275c3f7561f664115bfaa054be32b05bcd14c
Score

10^/10

plugx trojan
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- PlugX Rat Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2024

Terms | Privacy