Overview

overview

10

Static

static

2c49a7c58e...fd.exe

windows7_x64

10

2c49a7c58e...fd.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2c49a7c58ebe5473d28a57ce46ba6e7d915405bfbcaf9f61282193f25f2432fd

  • Size

    337KB

  • Sample

    220614-28gwkadhc5

  • MD5

    b39b15e19c999636338d3e131e321a45

  • SHA1

    01b9fe987e2a06f3db812fce719ab1d24cfa354e

  • SHA256

    2c49a7c58ebe5473d28a57ce46ba6e7d915405bfbcaf9f61282193f25f2432fd

  • SHA512

    2f4915deb55156322a32d5c80e4b34fa112fd31e1895eca51cf170951dcafcc3c99ceac05fbfab693c9e60582759d677b6ae31d4c52715bfb41638abe1b3ed72

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      2c49a7c58ebe5473d28a57ce46ba6e7d915405bfbcaf9f61282193f25f2432fd

    • Size

      337KB

    • MD5

      b39b15e19c999636338d3e131e321a45

    • SHA1

      01b9fe987e2a06f3db812fce719ab1d24cfa354e

    • SHA256

      2c49a7c58ebe5473d28a57ce46ba6e7d915405bfbcaf9f61282193f25f2432fd

    • SHA512

      2f4915deb55156322a32d5c80e4b34fa112fd31e1895eca51cf170951dcafcc3c99ceac05fbfab693c9e60582759d677b6ae31d4c52715bfb41638abe1b3ed72

    Score
    10/10
    plugxtrojan

    • Detects PlugX Payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks