General
- Target: 7711846120.zip
- Size: 239KB
- Sample: 220713-3wlvescfhp
- MD5: 255796a5d51a56e95caa4aec64985422
- SHA1: d4d9d3a6a2ba4cf73505d32d295c93097151b464
- SHA256: fa62a1ea32407f9f4eb1548c8bba0576b17ea2645f71bf33353f866410fd4ef5
- SHA512: da87421624b7120e9900b9d3a8282c166ce4871b27302f9fe72d53b6019a4008f932622b8197cf655f086c3486a1be210e533c734e7efb91c6502f220cd04eef
Static task: static1
Behavioral task: behavioral1
- Sample: fd149c94edb66bd0951a544cb646c582c8d3f1edb01945579af7d1122a595b1f.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: fd149c94edb66bd0951a544cb646c582c8d3f1edb01945579af7d1122a595b1f
- Size: 254KB
- MD5: 4485d8844b083564cf510271d90d7399
- SHA1: 769d564f9b895c8d07fee07733782c548e30267a
- SHA256: fd149c94edb66bd0951a544cb646c582c8d3f1edb01945579af7d1122a595b1f
- SHA512: 0f0e1eb3249e1a73ab51b08462dfd8871c9fe5db7b87090635a8b6930c830440a2a225c4e1ed5e8f596cea1672f65fcb1a383a47ea9e4133bde8cc9ed793efeb
- Detects PlugX payload
- suricata: ET MALWARE PlugX/Destory HTTP traffic
- suricata: ET MALWARE Possible PlugX Common Header Struct
- suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
- Blocklisted process makes network request
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory