Overview

overview

10

Static

static

9c4c4c770a...34.exe

windows7_x64

10

9c4c4c770a...34.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c4c4c770a018612b780162bd046fd713e6347a72a5176ed0ee3e51b11823534

  • Size

    421KB

  • Sample

    220701-e8fl6sccgn

  • MD5

    bcf4313c5a74529513998ea9a3d4fefc

  • SHA1

    9e4044fd6b9fae1d5b5aa7bc3dd9e83780818f35

  • SHA256

    9c4c4c770a018612b780162bd046fd713e6347a72a5176ed0ee3e51b11823534

  • SHA512

    2e9f74a13233a1d5ad0c1d5564c12f6d8bd1ad0377c8240cb90aeefef71264a34e1c917e5b440feb07dbd4e65e487ecb912423f8765e33e7df1c3e58690825f5

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      9c4c4c770a018612b780162bd046fd713e6347a72a5176ed0ee3e51b11823534

    • Size

      421KB

    • MD5

      bcf4313c5a74529513998ea9a3d4fefc

    • SHA1

      9e4044fd6b9fae1d5b5aa7bc3dd9e83780818f35

    • SHA256

      9c4c4c770a018612b780162bd046fd713e6347a72a5176ed0ee3e51b11823534

    • SHA512

      2e9f74a13233a1d5ad0c1d5564c12f6d8bd1ad0377c8240cb90aeefef71264a34e1c917e5b440feb07dbd4e65e487ecb912423f8765e33e7df1c3e58690825f5

    Score
    10/10
    plugxtrojan

    • Detects PlugX Payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks