plugx | 264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf | Triage

Submit
Reports

Overview

overview

Static

static

264f0a6d47...bf.dll

windows7_x64

264f0a6d47...bf.dll

windows10-2004_x64

Sharing

General

Target

264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf
Size

381KB
Sample

220616-kvq4msecb8
MD5

b17b80898eedfe9d51ac5f8da1b55a08
SHA1

1227c764f46482f5e30e5a53433f45cb1a7eabdb
SHA256

264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf
SHA512

e5afaf0e885efaf44d391bc63c46d97611af1119f5979f0f06ae109afe042af91944cdbd49ed6c84069f262ee8a5882d2450b1fcd929c6b61714665472192750

Score

10^/10

plugx suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf.dll

Resource

win7-20220414-en

plugx suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf.dll

Resource

win10v2004-20220414-en

plugx suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf
- Size
  
  381KB
- MD5
  
  b17b80898eedfe9d51ac5f8da1b55a08
- SHA1
  
  1227c764f46482f5e30e5a53433f45cb1a7eabdb
- SHA256
  
  264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf
- SHA512
  
  e5afaf0e885efaf44d391bc63c46d97611af1119f5979f0f06ae109afe042af91944cdbd49ed6c84069f262ee8a5882d2450b1fcd929c6b61714665472192750
Score

10^/10

plugx suricata trojan
- Detects PlugX Payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- suricata: ET MALWARE PlugX CnC Beacon
  suricata: ET MALWARE PlugX CnC Beacon
  suricata
- suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata
- suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata
- suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

plugxsuricatatrojan

behavioral2

plugxsuricatatrojan

© 2018-2024

Terms | Privacy