Overview

overview

10

Static

static

8d97e718b3...6b.exe

windows7_x64

10

8d97e718b3...6b.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8d97e718b37cc67721fa25fa05b78f12a750b1c6726805a23c43d3b5497d6e6b

  • Size

    302KB

  • Sample

    220625-cmplvacec6

  • MD5

    21fac61365987a8abfcd0b429a2497bf

  • SHA1

    114fc4d7533b3fd0dd4d034ae55847d4885d1c70

  • SHA256

    8d97e718b37cc67721fa25fa05b78f12a750b1c6726805a23c43d3b5497d6e6b

  • SHA512

    d86ab5c4e3f1a33a929a99fa57df943e7ae4086543f947f8178a1216d19c1c16c68f350b36a53b062b55d63f0491f6065a7c3e0813edac7f806158c7035da66b

Score
10/10
plugxsuricatatrojan

Malware Config

Targets

    • Target

      8d97e718b37cc67721fa25fa05b78f12a750b1c6726805a23c43d3b5497d6e6b

    • Size

      302KB

    • MD5

      21fac61365987a8abfcd0b429a2497bf

    • SHA1

      114fc4d7533b3fd0dd4d034ae55847d4885d1c70

    • SHA256

      8d97e718b37cc67721fa25fa05b78f12a750b1c6726805a23c43d3b5497d6e6b

    • SHA512

      d86ab5c4e3f1a33a929a99fa57df943e7ae4086543f947f8178a1216d19c1c16c68f350b36a53b062b55d63f0491f6065a7c3e0813edac7f806158c7035da66b

    Score
    10/10
    plugxtrojansuricata

    • Detects PlugX Payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • suricata: ET MALWARE Trojan.Win32.DLOADR.TIOIBEPQ CnC Traffic

      suricata: ET MALWARE Trojan.Win32.DLOADR.TIOIBEPQ CnC Traffic

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks