plugx | 264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf | Triage

Submit
Reports

Overview

overview

Static

static

264f0a6d47...bf.dll

windows7_x64

264f0a6d47...bf.dll

windows10-2004_x64

Sharing

General

Target

264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf
Size

381KB
Sample

220616-kvq4msecb8
MD5

b17b80898eedfe9d51ac5f8da1b55a08
SHA1

1227c764f46482f5e30e5a53433f45cb1a7eabdb
SHA256

264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf
SHA512

e5afaf0e885efaf44d391bc63c46d97611af1119f5979f0f06ae109afe042af91944cdbd49ed6c84069f262ee8a5882d2450b1fcd929c6b61714665472192750

Score

10^/10

plugx suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf.dll

Resource

win7-20220414-en

plugx suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf.dll

Resource

win10v2004-20220414-en

plugx suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf
- Size
  
  381KB
- MD5
  
  b17b80898eedfe9d51ac5f8da1b55a08
- SHA1
  
  1227c764f46482f5e30e5a53433f45cb1a7eabdb
- SHA256
  
  264f0a6d47f8c4578be602be1ea01dd634eace574afd7d44d854431721ffcabf
- SHA512
  
  e5afaf0e885efaf44d391bc63c46d97611af1119f5979f0f06ae109afe042af91944cdbd49ed6c84069f262ee8a5882d2450b1fcd929c6b61714665472192750
Score

10^/10

plugx suricata trojan
- Detects PlugX Payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- suricata: ET MALWARE PlugX CnC Beacon
  suricata: ET MALWARE PlugX CnC Beacon
  suricata
- suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata
- suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata
- suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

plugxsuricatatrojan

behavioral2

plugxsuricatatrojan

© 2018-2025

Terms | Privacy