Overview

overview

10

Static

static

748a09ee75...66.exe

windows7_x64

10

748a09ee75...66.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    748a09ee75795e741e3d15dfa38b4869ae4bb4c574c30197f9c7d0f023e8eb66

  • Size

    322KB

  • Sample

    220625-v68g6sdgck

  • MD5

    deacce089de71aa3d685e4b5fd84cccb

  • SHA1

    0e59ed3c487e54e188012ad9990553b4eae04624

  • SHA256

    748a09ee75795e741e3d15dfa38b4869ae4bb4c574c30197f9c7d0f023e8eb66

  • SHA512

    34ac9e7d7a2d05d82726d54d1325dc46aa230ceea164b8de725c0660947b90fcadb69ad59225af00275f6384d13b841dc6ceb756772f20a608fd602bd4c615b4

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      748a09ee75795e741e3d15dfa38b4869ae4bb4c574c30197f9c7d0f023e8eb66

    • Size

      322KB

    • MD5

      deacce089de71aa3d685e4b5fd84cccb

    • SHA1

      0e59ed3c487e54e188012ad9990553b4eae04624

    • SHA256

      748a09ee75795e741e3d15dfa38b4869ae4bb4c574c30197f9c7d0f023e8eb66

    • SHA512

      34ac9e7d7a2d05d82726d54d1325dc46aa230ceea164b8de725c0660947b90fcadb69ad59225af00275f6384d13b841dc6ceb756772f20a608fd602bd4c615b4

    Score
    10/10
    plugxtrojan

    • Detects PlugX Payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks