Overview

overview

10

Static

static

e81499ace2...12.exe

windows7_x64

10

e81499ace2...12.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e81499ace2dbbe9d2a4ee5bceb25fa749c525aa604ebf16038c9d97a44037812

  • Size

    284KB

  • Sample

    220625-v67wmsdgcj

  • MD5

    0e436441d1c0e84f2d70d725703cfe40

  • SHA1

    c1c4c3803c09010b23967f0fa650377966eb10c6

  • SHA256

    e81499ace2dbbe9d2a4ee5bceb25fa749c525aa604ebf16038c9d97a44037812

  • SHA512

    e28a61ca0cb09a96f57b9a23b501ffd05aef8a99d910efc8fe8e40e7a86b2ab9273aa3e4522712871b46512b595176d99d07279da743e8d3668277475460b813

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      e81499ace2dbbe9d2a4ee5bceb25fa749c525aa604ebf16038c9d97a44037812

    • Size

      284KB

    • MD5

      0e436441d1c0e84f2d70d725703cfe40

    • SHA1

      c1c4c3803c09010b23967f0fa650377966eb10c6

    • SHA256

      e81499ace2dbbe9d2a4ee5bceb25fa749c525aa604ebf16038c9d97a44037812

    • SHA512

      e28a61ca0cb09a96f57b9a23b501ffd05aef8a99d910efc8fe8e40e7a86b2ab9273aa3e4522712871b46512b595176d99d07279da743e8d3668277475460b813

    Score
    10/10
    plugxtrojan

    • Detects PlugX Payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks