General
-
Target
https://signal6domain.online/click?redirect=https%3A%2F%2Ftracking.cirrusinsight.com%2F66c47f50-0948-4bc8-9308-59ef0da8e726%2Fsignal6domain-online-click1&dID=1646238915542&linkName=3-Day%20PMP%20Boot%20Camp%20(Updated%20for%20New%20PMP%20Exam)
-
Sample
220314-b2763abfe3
Malware Config
Targets
-
-
Target
https://signal6domain.online/click?redirect=https%3A%2F%2Ftracking.cirrusinsight.com%2F66c47f50-0948-4bc8-9308-59ef0da8e726%2Fsignal6domain-online-click1&dID=1646238915542&linkName=3-Day%20PMP%20Boot%20Camp%20(Updated%20for%20New%20PMP%20Exam)
Score10/10-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
PlugX Rat Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-