Resubmissions

24-02-2022 11:14

220224-nb4r6schd4 10

22-02-2022 08:33

220222-kfyj6sfggn 8

General

  • Target

    a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3

  • Size

    267KB

  • Sample

    220224-nb4r6schd4

  • MD5

    e99b341dfd3147e5bbb385e7cc5e5e17

  • SHA1

    e5d152281a61be6db5f3d8d42d985210c4faf283

  • SHA256

    a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3

  • SHA512

    74d9a6d521dcc6a74c47511185efa3d026d72ee03e4986fb700c1c0555a5511cc7f2c85de9ad2da6373683f3578275c3f7561f664115bfaa054be32b05bcd14c

Score
10/10

Targets

    • Target

      a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3

    Score
    10/10
    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • PlugX Rat Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory
