Overview

overview

10

Static

static

bf0bfdf017...8a.exe

windows7_x64

10

bf0bfdf017...8a.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf0bfdf017bdce9ba2359784a42c4ce7ee3e1a6ce47716e0b31c40be8c61e18a

  • Size

    472KB

  • Sample

    220701-dzp9ksabaq

  • MD5

    46f2c5f4ba116e0abdc2165778adaa3a

  • SHA1

    27aad7de7c4f686992c9c378992f50d4e38445e3

  • SHA256

    bf0bfdf017bdce9ba2359784a42c4ce7ee3e1a6ce47716e0b31c40be8c61e18a

  • SHA512

    829b4eee0fe22febecb19a88064f420f46915b0716477e59613d378c1f5ab9becca3db62c841e1077a2af5f2fbbce54d16ff0821d64b1fffcf7494497a91d68e

Score
10/10
plugxsuricatatrojan

Malware Config

Targets

    • Target

      bf0bfdf017bdce9ba2359784a42c4ce7ee3e1a6ce47716e0b31c40be8c61e18a

    • Size

      472KB

    • MD5

      46f2c5f4ba116e0abdc2165778adaa3a

    • SHA1

      27aad7de7c4f686992c9c378992f50d4e38445e3

    • SHA256

      bf0bfdf017bdce9ba2359784a42c4ce7ee3e1a6ce47716e0b31c40be8c61e18a

    • SHA512

      829b4eee0fe22febecb19a88064f420f46915b0716477e59613d378c1f5ab9becca3db62c841e1077a2af5f2fbbce54d16ff0821d64b1fffcf7494497a91d68e

    Score
    10/10
    plugxsuricatatrojan

    • Detects PlugX Payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • suricata: ET MALWARE Trojan.Win32.DLOADR.TIOIBEPQ CnC Traffic

      suricata: ET MALWARE Trojan.Win32.DLOADR.TIOIBEPQ CnC Traffic

      suricata

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks