Overview

overview

10

Static

static

12d5947704...96.exe

windows7_x64

10

12d5947704...96.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12d59477048b530ad04242c8c8849b283051e71e02e136829b6e4152d144d096

  • Size

    327KB

  • Sample

    220524-dt14wsdha6

  • MD5

    c48cdf2ce519307358ead3512e31f264

  • SHA1

    47ac40fe2bee7931c15450ec7e2c556d15fa5149

  • SHA256

    12d59477048b530ad04242c8c8849b283051e71e02e136829b6e4152d144d096

  • SHA512

    fbb6b5f776b3853827b780516ba71a394a84845f0c51a1370c3d834db18cf91341edb87a1e0af8c9be550790b64bf192c2ed1ce57e343e32e03740c0a54e4446

Score
10/10
plugxsuricatatrojan

Malware Config

Targets

    • Target

      12d59477048b530ad04242c8c8849b283051e71e02e136829b6e4152d144d096

    • Size

      327KB

    • MD5

      c48cdf2ce519307358ead3512e31f264

    • SHA1

      47ac40fe2bee7931c15450ec7e2c556d15fa5149

    • SHA256

      12d59477048b530ad04242c8c8849b283051e71e02e136829b6e4152d144d096

    • SHA512

      fbb6b5f776b3853827b780516ba71a394a84845f0c51a1370c3d834db18cf91341edb87a1e0af8c9be550790b64bf192c2ed1ce57e343e32e03740c0a54e4446

    Score
    10/10
    plugxsuricatatrojan

    • Detects PlugX Payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • suricata: ET MALWARE PlugX/Destory HTTP traffic

      suricata: ET MALWARE PlugX/Destory HTTP traffic

      suricata

    • suricata: ET MALWARE Possible PlugX Common Header Struct

      suricata: ET MALWARE Possible PlugX Common Header Struct

      suricata

    • suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2

      suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks