plugx | fa62a1ea32407f9f4eb1548c8bba0576b17ea2645f71bf33353f866410fd4ef5 | Triage

Submit
Reports

Overview

overview

Static

static

8

fd149c94ed...1f.exe

windows7_x64

fd149c94ed...1f.exe

windows10-2004_x64

Sharing

General

Target

7711846120.zip
Size

239KB
Sample

220713-3wlvescfhp
MD5

255796a5d51a56e95caa4aec64985422
SHA1

d4d9d3a6a2ba4cf73505d32d295c93097151b464
SHA256

fa62a1ea32407f9f4eb1548c8bba0576b17ea2645f71bf33353f866410fd4ef5
SHA512

da87421624b7120e9900b9d3a8282c166ce4871b27302f9fe72d53b6019a4008f932622b8197cf655f086c3486a1be210e533c734e7efb91c6502f220cd04eef

Score

10^/10

plugx suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

fd149c94edb66bd0951a544cb646c582c8d3f1edb01945579af7d1122a595b1f.exe

Resource

win7-20220414-en

plugx suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fd149c94edb66bd0951a544cb646c582c8d3f1edb01945579af7d1122a595b1f.exe

Resource

win10v2004-20220414-en

plugx suricata trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fd149c94edb66bd0951a544cb646c582c8d3f1edb01945579af7d1122a595b1f
- Size
  
  254KB
- MD5
  
  4485d8844b083564cf510271d90d7399
- SHA1
  
  769d564f9b895c8d07fee07733782c548e30267a
- SHA256
  
  fd149c94edb66bd0951a544cb646c582c8d3f1edb01945579af7d1122a595b1f
- SHA512
  
  0f0e1eb3249e1a73ab51b08462dfd8871c9fe5db7b87090635a8b6930c830440a2a225c4e1ed5e8f596cea1672f65fcb1a383a47ea9e4133bde8cc9ed793efeb
Score

10^/10

plugx suricata trojan upx
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- suricata: ET MALWARE PlugX CnC Beacon
  suricata: ET MALWARE PlugX CnC Beacon
  suricata
- suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata: ET MALWARE PlugX/Destory HTTP traffic
  suricata
- suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata: ET MALWARE Possible PlugX Common Header Struct
  suricata
- suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata: ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2
  suricata
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

plugxsuricatatrojanupx

behavioral2

plugxsuricatatrojanupx

© 2018-2024

Terms | Privacy