Resubmissions

16-03-2022 13:06

220316-qccq7aead6 4

16-03-2022 10:43

220316-msa1raagfn 4

16-03-2022 10:37

220316-mnxc7aagcj 4

16-03-2022 09:54

220316-lw79zsadap 10

General

  • Target

    1a9f775e93356e6d09549721bcab5e5ded27ef7d3a2200cce80b1f89514c8646

  • Size

    776KB

  • Sample

    220316-lw79zsadap

  • MD5

    8a9f834abf7d6cfb6452ff3102ec998d

  • SHA1

    14e108594294c230a5445b6df54bb8f74a984cdc

  • SHA256

    1a9f775e93356e6d09549721bcab5e5ded27ef7d3a2200cce80b1f89514c8646

  • SHA512

    68671bf392af9f82de5e3d99e7a13f04e82faab6cb980d5371dce5f08c2f85661f5e6d8016ec15e43c323f41fe304ddb7b95ff60fbc99b76c6295858d094bcbb

Malware Config

Targets


    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • PlugX Rat Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 1

    Email Collection (T1114): 1

Tasks