plugx | 7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f | Triage

Submit
Reports

Overview

overview

Static

static

7d443ca856...5f.exe

windows7_x64

7d443ca856...5f.exe

windows10-2004_x64

Sharing

General

Target

7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f
Size

300KB
Sample

220625-jzeqqscddl
MD5

b6c09f49e6d7472441e01d90d803cb11
SHA1

df04fb84795369edada908955e5b1d80c8be6c8d
SHA256

7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f
SHA512

ac8ae7a5081f94419fb42d3ec735e1f883917146b610b52aff27ebf81bf9498e790f86f98406888e7ceeda1db083bb4f47ebc3b30d45e4cb77e58db47cff91f6

Score

10^/10

plugx suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f.exe

Resource

win7-20220414-en

plugx suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f.exe

Resource

win10v2004-20220414-en

plugx suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f
- Size
  
  300KB
- MD5
  
  b6c09f49e6d7472441e01d90d803cb11
- SHA1
  
  df04fb84795369edada908955e5b1d80c8be6c8d
- SHA256
  
  7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f
- SHA512
  
  ac8ae7a5081f94419fb42d3ec735e1f883917146b610b52aff27ebf81bf9498e790f86f98406888e7ceeda1db083bb4f47ebc3b30d45e4cb77e58db47cff91f6
Score

10^/10

plugx suricata trojan
- Detects PlugX Payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- suricata: ET MALWARE PlugX CnC Beacon
  suricata: ET MALWARE PlugX CnC Beacon
  suricata
- suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata
- suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata
- suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata
- suricata: ET MALWARE Wapack Labs Sinkhole DNS Reply
  suricata: ET MALWARE Wapack Labs Sinkhole DNS Reply
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

plugxsuricatatrojan

behavioral2

plugxsuricatatrojan

© 2018-2025

Terms | Privacy