General
-
Target
https://download.nutanix.com/Foundation/5.1.1/foundation-5.1.1-windows.msi?Expires=1647317017618&Key-Pair-Id=APKAJTTNCWPEI42QKMSA&Signature=G-MEsjjAR8ynl~LpkXPKS3R0s4kj0q1Owu7DO~Jq2QashOc5n1M0pP883g8mGTNkRA7uIbpCaom1RKSYk0R4xlkD-Pm6MFdjnZbXwQskCcynegYCq7SQV3TYC7~jXRqYbwpQhY4Uox7wUC2pA6zRPFnrCQoyXlnp0Jqyn8M-lNpsdSp2bdTMKDCn4l03LH5nsiZdBmXesNx6bKgmDhZRbxpYWbo56i-8VvSgmkk0DaY21GAs2~oujB~41gFVe-~rfuu4bDVWTqrGNGD--Uz~oLp8A7k4sLm3QM8h0iSHbvclBTmTRdQhc71Wjv3sm8HXxrSeuObaPzmR06wpEjJoFQ__
-
Sample
220316-eylqfaffdk
Malware Config
Targets
-
-
Target
https://download.nutanix.com/Foundation/5.1.1/foundation-5.1.1-windows.msi?Expires=1647317017618&Key-Pair-Id=APKAJTTNCWPEI42QKMSA&Signature=G-MEsjjAR8ynl~LpkXPKS3R0s4kj0q1Owu7DO~Jq2QashOc5n1M0pP883g8mGTNkRA7uIbpCaom1RKSYk0R4xlkD-Pm6MFdjnZbXwQskCcynegYCq7SQV3TYC7~jXRqYbwpQhY4Uox7wUC2pA6zRPFnrCQoyXlnp0Jqyn8M-lNpsdSp2bdTMKDCn4l03LH5nsiZdBmXesNx6bKgmDhZRbxpYWbo56i-8VvSgmkk0DaY21GAs2~oujB~41gFVe-~rfuu4bDVWTqrGNGD--Uz~oLp8A7k4sLm3QM8h0iSHbvclBTmTRdQhc71Wjv3sm8HXxrSeuObaPzmR06wpEjJoFQ__
Score10/10-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
PlugX Rat Payload
-
Detect jar appended to MSI
-
Patched UPX-packed file
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-