Overview

overview

10

Static

static

8

6e4513d1bc...9.xlsm

windows7_x64

10

6e4513d1bc...9.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e4513d1bc45644004b84e3a4bfc027b428bea3484ceaaa7489778fa9f7a88c9

  • Size

    1.6MB

  • Sample

    220329-3ewy3acfg9

  • MD5

    d9c0d4a7bbb8ec67b195daa158f04f5f

  • SHA1

    ffcfeca98f3aeb343bba753cd3d84f1770b7665e

  • SHA256

    6e4513d1bc45644004b84e3a4bfc027b428bea3484ceaaa7489778fa9f7a88c9

  • SHA512

    421f6ddda2c26ba8434cde9a9c8337b8dc88c3d8be378b0f56d1f9bb8ef3e675e3f4b2a8a03f5f6df6dd2b039a0beed1791a1e8c5c35adb7c926b433d597f228

Score
10/10
plugxmacrotrojan

Malware Config

Targets

    • Target

      6e4513d1bc45644004b84e3a4bfc027b428bea3484ceaaa7489778fa9f7a88c9

    • Size

      1.6MB

    • MD5

      d9c0d4a7bbb8ec67b195daa158f04f5f

    • SHA1

      ffcfeca98f3aeb343bba753cd3d84f1770b7665e

    • SHA256

      6e4513d1bc45644004b84e3a4bfc027b428bea3484ceaaa7489778fa9f7a88c9

    • SHA512

      421f6ddda2c26ba8434cde9a9c8337b8dc88c3d8be378b0f56d1f9bb8ef3e675e3f4b2a8a03f5f6df6dd2b039a0beed1791a1e8c5c35adb7c926b433d597f228

    Score
    10/10
    plugxtrojan

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • PlugX Rat Payload

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Loads dropped DLL

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks