General
-
Target
55bcc7fd77f97c3d732ab20d59c7a322aa2b6cc6015e8db7de5c0fd6bbdb2948
-
Size
337KB
-
Sample
220524-bae17saha9
-
MD5
8080425de714595a2d124403a0cb3d9f
-
SHA1
96d303f9e64ce8b08ffdd941e0c6e5bab6cc5808
-
SHA256
55bcc7fd77f97c3d732ab20d59c7a322aa2b6cc6015e8db7de5c0fd6bbdb2948
-
SHA512
006b83b8e55ee3076f45a65f1011129d73f8462a26c2b16d86735bdfef3b55aa261e903da44d1cbd381123fe83b1735eebd6885b3e776312653f0f43a5d55ff9
Static task
static1
Behavioral task
behavioral1
Sample
55bcc7fd77f97c3d732ab20d59c7a322aa2b6cc6015e8db7de5c0fd6bbdb2948.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
55bcc7fd77f97c3d732ab20d59c7a322aa2b6cc6015e8db7de5c0fd6bbdb2948.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
55bcc7fd77f97c3d732ab20d59c7a322aa2b6cc6015e8db7de5c0fd6bbdb2948
-
Detects PlugX Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-