Overview

overview

10

Static

static

d94f7339ad...8e.exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d94f7339adc602aa67859fe8532cc87cc6f131af885ad678795490b1cf98fc8e

  • Size

    579KB

  • Sample

    220519-ephmesahc7

  • MD5

    0bc6098d03c4faeb17dcf633f5de4652

  • SHA1

    4c7912cfcab3fd03413110e7d428981aca5e0331

  • SHA256

    d94f7339adc602aa67859fe8532cc87cc6f131af885ad678795490b1cf98fc8e

  • SHA512

    03a25ce05b3d112c2c3fcd5a67bd65b7f02c1a4abc2bf7203a8ea44d6fe5d1703b08da87ddde1ab7ca3f3283e31fd870d7a8dcace03ffb0067c99272bd1374be

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      d94f7339adc602aa67859fe8532cc87cc6f131af885ad678795490b1cf98fc8e

    • Size

      579KB

    • MD5

      0bc6098d03c4faeb17dcf633f5de4652

    • SHA1

      4c7912cfcab3fd03413110e7d428981aca5e0331

    • SHA256

      d94f7339adc602aa67859fe8532cc87cc6f131af885ad678795490b1cf98fc8e

    • SHA512

      03a25ce05b3d112c2c3fcd5a67bd65b7f02c1a4abc2bf7203a8ea44d6fe5d1703b08da87ddde1ab7ca3f3283e31fd870d7a8dcace03ffb0067c99272bd1374be

    Score
    10/10
    plugxtrojan

    • Detects Talisman variant of PlugX

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks