plugx

Sharing

Copy URL

Twitter E-mail

General

Target

3840x2970 DC Comics HD Wallpaper and Background.txt.iso
Size

124.7MB
Sample

220322-s3wyvscfbr
MD5

cceab2697bd2b6bfc3e30dfda8ee22b8
SHA1

9267c9acb320e4c28d8de6b1638f8459a5a57001
SHA256

59821b8aabe5acc8b1eb91ed2de2cba91b05351c3d9e3bf52ba0ba786f359b87
SHA512

8f6590698624a5aae32a43844d98d1fb745ae9c501a358615263df30b533031d829eed3168e3189447903154ad3dd6254469b16ca9631a1a456246b00609cfc8

Score

10^/10

Malware Config

Targets

- Target
  
  Install.lnk
- Size
  
  1KB
- MD5
  
  bfd7d505168be59a0e51765c53e69ca5
- SHA1
  
  c2dc5035d451873d1adfce8b2d41e2b3561b8ef4
- SHA256
  
  2f00d7cd954bcb1fffdc3f14fde7f239b4eb3aecc9f6ac24540ed25856969f33
- SHA512
  
  96201f70ddce456dcefe89ad46716421523a7367d2e3d85ef06c8329a7144793e228701a3536a75379dbbb57f96cd060547c1bf2eb74cb343f278b0de03e6d2e
Score

3^/10
behavioral1 behavioral2
- Target
  
  Bloom/Bloom.exe
- Size
  
  128.1MB
- MD5
  
  c8635ab554fb726513b5e6e54409e185
- SHA1
  
  353e271c00088c4195bd12af3241038004906ed5
- SHA256
  
  ae2b6557d6f2b37ba44cc8d7c80ebb66ec2d56392f7ee65ab3ca5108aed90674
- SHA512
  
  ac1daff8596e9258d019dbcc5f1447bf2cd1ffad87629a1742eac3a725352ca52c2f51a898936c8eaf3ffedd5f4733c86fe56d7bd69be42a2ba2242a52620dfa
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  Bloom/d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  7641e39b7da4077084d2afe7c31032e0
- SHA1
  
  2256644f69435ff2fee76deb04d918083960d1eb
- SHA256
  
  44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
- SHA512
  
  8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
Score

3^/10
behavioral5 behavioral6
- Target
  
  Bloom/ffmpeg.dll
- Size
  
  1.7MB
- MD5
  
  dd861e1e5a552fa88759b995d92a8c52
- SHA1
  
  c1e8ab9f6abc84ce46ea3ddadbf7c5f5b671776a
- SHA256
  
  09385bebc5b187013f61eadbbd78cc3ce57450f817ac015f80eeec088487e1a4
- SHA512
  
  0ebc82b17fe04cedb97451183c6280fec3838bed8ed0944530ea025e7aa36dac73092d16a9b975094b2ac85b1184d2f985598bc1856776f1679303c0e4e6f42a
Score

1^/10
behavioral7 behavioral8
- Target
  
  Bloom/libEGL.dll
- Size
  
  389KB
- MD5
  
  49fff6d4cdc65bb474ce030e55ed1d5c
- SHA1
  
  05318533a1c7ff3704be08a4738f3ef98e4514f8
- SHA256
  
  2808219d604965abf74b4de1d1e6d963d1852137c09e35c63360bb83443e6295
- SHA512
  
  c3273418a48b03aae6f1c8961c755c5e5d9da270c2b4b511c18c17a330a5855bc1404a1ae0927ee277fa46916c692d1ad09ec8a7f3b5a912563c9cc7a0cb2c94
Score

1^/10
behavioral9 behavioral10
- Target
  
  Bloom/libGLESv2.dll
- Size
  
  7.8MB
- MD5
  
  f0491de8163465685eb5b824ce083d98
- SHA1
  
  d079d44a544fb8f1395202f15889928d35cfe8fc
- SHA256
  
  eb22c1d16db8e23270b444c7a021ba65331fa7b456fd911f3133599bddd42189
- SHA512
  
  f7d80c4848402c2021be90eafe7c799547efd7365c31eddb775afcf677134cd1d9a5c982b930e5b8f962a1aa8075b23d31bb070e8d28602f6336bede73c4f86b
Score

3^/10
behavioral11 behavioral12
- Target
  
  Bloom/node.dll
- Size
  
  11.8MB
- MD5
  
  d936d2e45c450b71c5b1fefa38528508
- SHA1
  
  9b806c5004c7bd569a3ebff65e453acf614b3805
- SHA256
  
  471157022fe50f6d968ee35a5e78a588708fed40aaff1cfeeba17477910d161b
- SHA512
  
  bbe61dd20a6b02bbd6bebe29e11d6eab0753e352f9da9906f8047a29363642e2d955ba5b20a3c9a6a513fa77f0a362d110a6849df8c8901136d4122f24f54c4c
Score

1^/10
behavioral13 behavioral14
- Target
  
  Bloom/nw.dll
- Size
  
  135.1MB
- MD5
  
  3d2dadc029a8b5fc745a956c1a5ee568
- SHA1
  
  a353b0fec54f5c853109b175cea49893b72f539e
- SHA256
  
  b756c3f4de49600d23f369718cad7eb8645f7ada1dfafc71f47c18e3e2c5aadd
- SHA512
  
  c513823f9ffaaba52d90f0a7733274787cbc9f380b3670da145a96947b4e1f6a539393f29ee22b65432048b8e15bd4014b760ec73e4e63a7b80975706467a5b5
Score

3^/10
behavioral15 behavioral16
- Target
  
  Bloom/nw_elf.dll
- Size
  
  893KB
- MD5
  
  c73b8e71aa716278dda520c7f6d7d3b8
- SHA1
  
  2331fd8b3ed2cc02ee860f5faa0f12d6a80b00fe
- SHA256
  
  51cd730f33682a99410117cdac984f2e1ea21f7c8af113b0e830532e9849b316
- SHA512
  
  3475e87a75d0d5483945dd9fe81b56d66baca35342b1db0e21bc28b3dcccf193b834b067d268447a538343be81b23af4dbfbd864258261ce5d45d69ef88692a6
Score

1^/10
behavioral17 behavioral18
- Target
  
  resources.bat
- Size
  
  297B
- MD5
  
  4f1e373b0722cbb9c21cc0ac8322ed74
- SHA1
  
  8049f6d60b0fc03ad792a13e634a661d1fc37af0
- SHA256
  
  1fd144713737510991caa7dbdf03451aee1edc80e7a99773b38ec1f0b436a4d8
- SHA512
  
  42b7710eaf3746a27dc7f4578ddebbc36adc075d4f68bb2fbddfdbf8c6d60018fe1d4246aa3a28becaec8990b9c9f51107c96321a526570c20e80351e22ed95d
Score

10^/10

persistence plugx trojan
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- PlugX Rat Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral19 behavioral20

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

PlugX Rat Payload

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20