General
-
Target
748a09ee75795e741e3d15dfa38b4869ae4bb4c574c30197f9c7d0f023e8eb66
-
Size
322KB
-
Sample
220625-v68g6sdgck
-
MD5
deacce089de71aa3d685e4b5fd84cccb
-
SHA1
0e59ed3c487e54e188012ad9990553b4eae04624
-
SHA256
748a09ee75795e741e3d15dfa38b4869ae4bb4c574c30197f9c7d0f023e8eb66
-
SHA512
34ac9e7d7a2d05d82726d54d1325dc46aa230ceea164b8de725c0660947b90fcadb69ad59225af00275f6384d13b841dc6ceb756772f20a608fd602bd4c615b4
Malware Config
Targets
-
-
Target
748a09ee75795e741e3d15dfa38b4869ae4bb4c574c30197f9c7d0f023e8eb66
-
Size
322KB
-
MD5
deacce089de71aa3d685e4b5fd84cccb
-
SHA1
0e59ed3c487e54e188012ad9990553b4eae04624
-
SHA256
748a09ee75795e741e3d15dfa38b4869ae4bb4c574c30197f9c7d0f023e8eb66
-
SHA512
34ac9e7d7a2d05d82726d54d1325dc46aa230ceea164b8de725c0660947b90fcadb69ad59225af00275f6384d13b841dc6ceb756772f20a608fd602bd4c615b4
Score10/10-
Detects PlugX Payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-