plugx

Sharing

Copy URL

Twitter E-mail

General

Target

download.iso
Size

124.6MB
Sample

220316-vd1a4afch7
MD5

b8448cc439be07ad74e35a4fe7247230
SHA1

9759096e0d44f52e5ec3201cd103a8934b0b5269
SHA256

2d17385ee0b70a6b61192b70ed2edc6d67907cd883a8fdb565fad1f357fb7140
SHA512

562ba241b6083ba180d3656f55b4124f21c9caea71d5bc345216895c891a61f1dc33666dda6f9272db3b7203d842d169757cda11baaa7da68912c9d3f932a22e

Score

10^/10

Malware Config

Targets

- Target
  
  Install.lnk
- Size
  
  1KB
- MD5
  
  bfd7d505168be59a0e51765c53e69ca5
- SHA1
  
  c2dc5035d451873d1adfce8b2d41e2b3561b8ef4
- SHA256
  
  2f00d7cd954bcb1fffdc3f14fde7f239b4eb3aecc9f6ac24540ed25856969f33
- SHA512
  
  96201f70ddce456dcefe89ad46716421523a7367d2e3d85ef06c8329a7144793e228701a3536a75379dbbb57f96cd060547c1bf2eb74cb343f278b0de03e6d2e
Score

3^/10
behavioral1 behavioral2
- Target
  
  Bloom/Bloom.exe
- Size
  
  128.1MB
- MD5
  
  f63db3a6edfd4f8f05df0177ff7ff37e
- SHA1
  
  4646fcc9ca0439a92808cee929e765b973e446bf
- SHA256
  
  67bf2ce59ed92dc407465402f3f9494f4f4db57771c8e0690d9884efdb40f265
- SHA512
  
  fe0406363d195e20a267360790a4c34bdaac1b518c3fbdedb8081c817b850d9461e45cf06dfed50d000d37994124d8668e6e06c89b16d8c7a4ca7138c6545de4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  Bloom/d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  7641e39b7da4077084d2afe7c31032e0
- SHA1
  
  2256644f69435ff2fee76deb04d918083960d1eb
- SHA256
  
  44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
- SHA512
  
  8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
Score

3^/10
behavioral5 behavioral6
- Target
  
  Bloom/ffmpeg.dll
- Size
  
  1.7MB
- MD5
  
  dd861e1e5a552fa88759b995d92a8c52
- SHA1
  
  c1e8ab9f6abc84ce46ea3ddadbf7c5f5b671776a
- SHA256
  
  09385bebc5b187013f61eadbbd78cc3ce57450f817ac015f80eeec088487e1a4
- SHA512
  
  0ebc82b17fe04cedb97451183c6280fec3838bed8ed0944530ea025e7aa36dac73092d16a9b975094b2ac85b1184d2f985598bc1856776f1679303c0e4e6f42a
Score

1^/10
behavioral7 behavioral8
- Target
  
  Bloom/libEGL.dll
- Size
  
  389KB
- MD5
  
  49fff6d4cdc65bb474ce030e55ed1d5c
- SHA1
  
  05318533a1c7ff3704be08a4738f3ef98e4514f8
- SHA256
  
  2808219d604965abf74b4de1d1e6d963d1852137c09e35c63360bb83443e6295
- SHA512
  
  c3273418a48b03aae6f1c8961c755c5e5d9da270c2b4b511c18c17a330a5855bc1404a1ae0927ee277fa46916c692d1ad09ec8a7f3b5a912563c9cc7a0cb2c94
Score

1^/10
behavioral9 behavioral10
- Target
  
  Bloom/libGLESv2.dll
- Size
  
  7.8MB
- MD5
  
  f0491de8163465685eb5b824ce083d98
- SHA1
  
  d079d44a544fb8f1395202f15889928d35cfe8fc
- SHA256
  
  eb22c1d16db8e23270b444c7a021ba65331fa7b456fd911f3133599bddd42189
- SHA512
  
  f7d80c4848402c2021be90eafe7c799547efd7365c31eddb775afcf677134cd1d9a5c982b930e5b8f962a1aa8075b23d31bb070e8d28602f6336bede73c4f86b
Score

3^/10
behavioral11 behavioral12
- Target
  
  Bloom/node.dll
- Size
  
  11.8MB
- MD5
  
  228cb24f75ec0e1ff3ba21c42b439bad
- SHA1
  
  8a8f1a670c7b69e59a0bf37dc961eb53c54763e7
- SHA256
  
  389913a28cbd65d0fa36e39965f6682443f3cda536a44cee3b708dfef1da0034
- SHA512
  
  dd2da0312bcd7ef5cf033d74c83f4cdf39672de0de40ad70c8b9271523ce076e2cd41701b02fddbcb10bc4827bceba845c03fb8a9704d231171046fbf2a6feee
Score

1^/10
behavioral13 behavioral14
- Target
  
  Bloom/nw.dll
- Size
  
  135.1MB
- MD5
  
  489e0f5918e03f05484164fbf7bcb6b2
- SHA1
  
  c194749cc94f94ff57b7f8f8d036d52da23e67f1
- SHA256
  
  3706d03962609d3c64bcd7859a81dbe5b8f337020705bebe97d502e7a96b7455
- SHA512
  
  ae007e8822c56a7260adf39261340c1b33854c50a2c10d6aa4d52e4035451330be408b42c1f2c3497fcae95ee3eeeccd538214da5d28a68a5e878ae7458205c6
Score

3^/10
behavioral15 behavioral16
- Target
  
  Bloom/nw_elf.dll
- Size
  
  893KB
- MD5
  
  c73b8e71aa716278dda520c7f6d7d3b8
- SHA1
  
  2331fd8b3ed2cc02ee860f5faa0f12d6a80b00fe
- SHA256
  
  51cd730f33682a99410117cdac984f2e1ea21f7c8af113b0e830532e9849b316
- SHA512
  
  3475e87a75d0d5483945dd9fe81b56d66baca35342b1db0e21bc28b3dcccf193b834b067d268447a538343be81b23af4dbfbd864258261ce5d45d69ef88692a6
Score

1^/10
behavioral17 behavioral18
- Target
  
  resources.bat
- Size
  
  293B
- MD5
  
  8bfb2637eb0b51909955e765bf8b14fe
- SHA1
  
  fe1b7da9e9c69739648352024675c65f211f9632
- SHA256
  
  b6cd6969d9ad5d0711bd350b800e7a3c26df31d37f4c9631670e259a8d0bd882
- SHA512
  
  9b4681f0508ca81545b877b20f33ccfadc6e093715b9fa730f521a36f2ab7ac1faf4ba961c76409fcbd7a5df90955e18fbe8f88138c3841afa7fcb654871bcd8
Score

10^/10

persistence plugx trojan
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- PlugX Rat Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral19 behavioral20

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

PlugX Rat Payload

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20