General
-
Target
12d59477048b530ad04242c8c8849b283051e71e02e136829b6e4152d144d096
-
Size
327KB
-
Sample
220524-dt14wsdha6
-
MD5
c48cdf2ce519307358ead3512e31f264
-
SHA1
47ac40fe2bee7931c15450ec7e2c556d15fa5149
-
SHA256
12d59477048b530ad04242c8c8849b283051e71e02e136829b6e4152d144d096
-
SHA512
fbb6b5f776b3853827b780516ba71a394a84845f0c51a1370c3d834db18cf91341edb87a1e0af8c9be550790b64bf192c2ed1ce57e343e32e03740c0a54e4446
Malware Config
Targets
-
-
Target
12d59477048b530ad04242c8c8849b283051e71e02e136829b6e4152d144d096
-
Size
327KB
-
MD5
c48cdf2ce519307358ead3512e31f264
-
SHA1
47ac40fe2bee7931c15450ec7e2c556d15fa5149
-
SHA256
12d59477048b530ad04242c8c8849b283051e71e02e136829b6e4152d144d096
-
SHA512
fbb6b5f776b3853827b780516ba71a394a84845f0c51a1370c3d834db18cf91341edb87a1e0af8c9be550790b64bf192c2ed1ce57e343e32e03740c0a54e4446
Score10/10-
Detects PlugX Payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
suricata: ET MALWARE PlugX/Destory HTTP traffic
suricata: ET MALWARE PlugX/Destory HTTP traffic
-
suricata: ET MALWARE Possible PlugX Common Header Struct
suricata: ET MALWARE Possible PlugX Common Header Struct
-
suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-