General
-
Target
d8d59353d0e19957cd4cce5102dff5b706ed9c412db6b8778b3ea4726b2429b3
-
Size
253KB
-
Sample
220701-f16dasdgbm
-
MD5
1cc2207ffa2a3d081eee9ef034d57815
-
SHA1
8700ac9cb88ec7c6ac983bf2cd8ce29e3a070beb
-
SHA256
d8d59353d0e19957cd4cce5102dff5b706ed9c412db6b8778b3ea4726b2429b3
-
SHA512
c9cadb94f14748581b78ae20f90191aefccf531505dd94aefa56b0d23a852fd49a0d8343a5054ff247697d9ebf2ce3f4c6857beea6db6e7a753895576c05af2a
Malware Config
Targets
-
-
Target
d8d59353d0e19957cd4cce5102dff5b706ed9c412db6b8778b3ea4726b2429b3
-
Size
253KB
-
MD5
1cc2207ffa2a3d081eee9ef034d57815
-
SHA1
8700ac9cb88ec7c6ac983bf2cd8ce29e3a070beb
-
SHA256
d8d59353d0e19957cd4cce5102dff5b706ed9c412db6b8778b3ea4726b2429b3
-
SHA512
c9cadb94f14748581b78ae20f90191aefccf531505dd94aefa56b0d23a852fd49a0d8343a5054ff247697d9ebf2ce3f4c6857beea6db6e7a753895576c05af2a
Score10/10-
Detects PlugX Payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
suricata: ET MALWARE Trojan.Win32.DLOADR.TIOIBEPQ CnC Traffic
suricata: ET MALWARE Trojan.Win32.DLOADR.TIOIBEPQ CnC Traffic
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-