plugx | 7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f | Triage

Submit
Reports

Overview

overview

Static

static

7d443ca856...5f.exe

windows7_x64

7d443ca856...5f.exe

windows10-2004_x64

Sharing

General

Target

7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f
Size

300KB
Sample

220625-jzeqqscddl
MD5

b6c09f49e6d7472441e01d90d803cb11
SHA1

df04fb84795369edada908955e5b1d80c8be6c8d
SHA256

7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f
SHA512

ac8ae7a5081f94419fb42d3ec735e1f883917146b610b52aff27ebf81bf9498e790f86f98406888e7ceeda1db083bb4f47ebc3b30d45e4cb77e58db47cff91f6

Score

10^/10

plugx suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f.exe

Resource

win7-20220414-en

plugx suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f.exe

Resource

win10v2004-20220414-en

plugx suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f
- Size
  
  300KB
- MD5
  
  b6c09f49e6d7472441e01d90d803cb11
- SHA1
  
  df04fb84795369edada908955e5b1d80c8be6c8d
- SHA256
  
  7d443ca8562cc1161e8df5b72b50cec904828fd8b58b36836eac57a7d56d8f5f
- SHA512
  
  ac8ae7a5081f94419fb42d3ec735e1f883917146b610b52aff27ebf81bf9498e790f86f98406888e7ceeda1db083bb4f47ebc3b30d45e4cb77e58db47cff91f6
Score

10^/10

plugx suricata trojan
- Detects PlugX Payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- suricata: ET MALWARE PlugX CnC Beacon
  suricata: ET MALWARE PlugX CnC Beacon
  suricata
- suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata
- suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata
- suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata
- suricata: ET MALWARE Wapack Labs Sinkhole DNS Reply
  suricata: ET MALWARE Wapack Labs Sinkhole DNS Reply
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

plugxsuricatatrojan

behavioral2

plugxsuricatatrojan

© 2018-2024

Terms | Privacy