General
-
Target
b4dfa03a75594d4eb89ee173a82f976245ef874079ffa9359c748d5ee9ff5d33
-
Size
1.6MB
-
Sample
220329-3eqgaaghbr
-
MD5
81a70d33c490b0b2af21a11869c6c589
-
SHA1
8ebd33d404e0d6dd8eeb54165527534706e0829c
-
SHA256
b4dfa03a75594d4eb89ee173a82f976245ef874079ffa9359c748d5ee9ff5d33
-
SHA512
204a5bbc0516cb5c5662847c5ca43d3a96919fcc2d8815b3b0bcdc6d2d30fab01b0efec2a825c164728b5e8269bc73bc740f4da82f99c3de7b0ec7d0daf397c8
Malware Config
Targets
-
-
Target
b4dfa03a75594d4eb89ee173a82f976245ef874079ffa9359c748d5ee9ff5d33
-
Size
1.6MB
-
MD5
81a70d33c490b0b2af21a11869c6c589
-
SHA1
8ebd33d404e0d6dd8eeb54165527534706e0829c
-
SHA256
b4dfa03a75594d4eb89ee173a82f976245ef874079ffa9359c748d5ee9ff5d33
-
SHA512
204a5bbc0516cb5c5662847c5ca43d3a96919fcc2d8815b3b0bcdc6d2d30fab01b0efec2a825c164728b5e8269bc73bc740f4da82f99c3de7b0ec7d0daf397c8
Score10/10-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
PlugX Rat Payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Loads dropped DLL
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-