General

  • Target

    TikTok View.exe

  • Size

    259KB

  • Sample

    220322-x2q4fadehj

  • MD5

    151e162aca199b8c9178bcf0cf788ace

  • SHA1

    afa427825d760d41e4c02c5a0b876a6984bdbf4e

  • SHA256

    8c95d6543ba370dfa78f91c4f52178dd7a612ff904dc2af60c40990130c7faab

  • SHA512

    8bf67194107dc8bfba2b480804a7d661240ab29751dce532fe8507173c859e7d57df0de701182b73ee3c2a3503f2d8f3a40846754c8ebaa4d0bc71d1a59e093d

Malware Config

Targets

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • PlugX Rat Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks