Overview

overview

10

Static

static

8

3bca199764...b.xlsm

windows7_x64

10

3bca199764...b.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3bca1997648eb70fd53abcfd9f5b1880b58daea9aa4c8b434790ebb81ace182b

  • Size

    1.6MB

  • Sample

    220329-3e4znsghcm

  • MD5

    5fab2a427175d69f010acfd2caff68b0

  • SHA1

    69657f55e9fdc505a3681c4e5df680aecb89a780

  • SHA256

    3bca1997648eb70fd53abcfd9f5b1880b58daea9aa4c8b434790ebb81ace182b

  • SHA512

    1cf9b4ee4fb60906198e18a182bce4622bd6c5bef8ef32bedb38442c75c7966cc5ba705730dc3f3cc07dfb4cf60f9b7e70daa3c6975cca8cd405f4ac84e666ad

Score
10/10
plugxmacrotrojan

Malware Config

Targets

    • Target

      3bca1997648eb70fd53abcfd9f5b1880b58daea9aa4c8b434790ebb81ace182b

    • Size

      1.6MB

    • MD5

      5fab2a427175d69f010acfd2caff68b0

    • SHA1

      69657f55e9fdc505a3681c4e5df680aecb89a780

    • SHA256

      3bca1997648eb70fd53abcfd9f5b1880b58daea9aa4c8b434790ebb81ace182b

    • SHA512

      1cf9b4ee4fb60906198e18a182bce4622bd6c5bef8ef32bedb38442c75c7966cc5ba705730dc3f3cc07dfb4cf60f9b7e70daa3c6975cca8cd405f4ac84e666ad

    Score
    10/10
    plugxtrojan

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • PlugX Rat Payload

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Loads dropped DLL

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks