Overview

overview

10

Static

static

8

b4dfa03a75...3.xlsm

windows7_x64

10

b4dfa03a75...3.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b4dfa03a75594d4eb89ee173a82f976245ef874079ffa9359c748d5ee9ff5d33

  • Size

    1.6MB

  • Sample

    220329-3eqgaaghbr

  • MD5

    81a70d33c490b0b2af21a11869c6c589

  • SHA1

    8ebd33d404e0d6dd8eeb54165527534706e0829c

  • SHA256

    b4dfa03a75594d4eb89ee173a82f976245ef874079ffa9359c748d5ee9ff5d33

  • SHA512

    204a5bbc0516cb5c5662847c5ca43d3a96919fcc2d8815b3b0bcdc6d2d30fab01b0efec2a825c164728b5e8269bc73bc740f4da82f99c3de7b0ec7d0daf397c8

Score
10/10
plugxmacrotrojan

Malware Config

Targets

    • Target

      b4dfa03a75594d4eb89ee173a82f976245ef874079ffa9359c748d5ee9ff5d33

    • Size

      1.6MB

    • MD5

      81a70d33c490b0b2af21a11869c6c589

    • SHA1

      8ebd33d404e0d6dd8eeb54165527534706e0829c

    • SHA256

      b4dfa03a75594d4eb89ee173a82f976245ef874079ffa9359c748d5ee9ff5d33

    • SHA512

      204a5bbc0516cb5c5662847c5ca43d3a96919fcc2d8815b3b0bcdc6d2d30fab01b0efec2a825c164728b5e8269bc73bc740f4da82f99c3de7b0ec7d0daf397c8

    Score
    10/10
    plugxtrojan

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • PlugX Rat Payload

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Loads dropped DLL

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks