Overview

overview

10

Static

static

a9511cdaa9...91.exe

windows7-x64

10

a9511cdaa9...91.exe

windows10-2004-x64

10

Resubmissions

26-07-2022 07:12

220726-h1ld8sehcq 10

24-02-2022 11:15

220224-nczjvachd8 8

02-08-2021 09:23

210802-dz94clans6 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9511cdaa96ed59de73a7a7c7dc375de204bee7a9511c5ee71bf013010324a91

  • Size

    497KB

  • Sample

    220726-h1ld8sehcq

  • MD5

    23595373d96bdbaf4a1361971aa96539

  • SHA1

    020b0f179386a5ceee09e042ed7818ee42b2eba8

  • SHA256

    a9511cdaa96ed59de73a7a7c7dc375de204bee7a9511c5ee71bf013010324a91

  • SHA512

    7e19addfec1ed3aa921f79c45a342e1ad5aa5db0483a2b9e54396335396e9c92545d8e49b4520ce562d1b786741bfceb940327acddbb020da87e93708bc5a783

Score
10/10
plugxpersistencetrojan

Malware Config

Targets

    • Target

      a9511cdaa96ed59de73a7a7c7dc375de204bee7a9511c5ee71bf013010324a91

    • Size

      497KB

    • MD5

      23595373d96bdbaf4a1361971aa96539

    • SHA1

      020b0f179386a5ceee09e042ed7818ee42b2eba8

    • SHA256

      a9511cdaa96ed59de73a7a7c7dc375de204bee7a9511c5ee71bf013010324a91

    • SHA512

      7e19addfec1ed3aa921f79c45a342e1ad5aa5db0483a2b9e54396335396e9c92545d8e49b4520ce562d1b786741bfceb940327acddbb020da87e93708bc5a783

    Score
    10/10
    plugxtrojanpersistence

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks