General
-
Target
a9511cdaa96ed59de73a7a7c7dc375de204bee7a9511c5ee71bf013010324a91
-
Size
497KB
-
Sample
220726-h1ld8sehcq
-
MD5
23595373d96bdbaf4a1361971aa96539
-
SHA1
020b0f179386a5ceee09e042ed7818ee42b2eba8
-
SHA256
a9511cdaa96ed59de73a7a7c7dc375de204bee7a9511c5ee71bf013010324a91
-
SHA512
7e19addfec1ed3aa921f79c45a342e1ad5aa5db0483a2b9e54396335396e9c92545d8e49b4520ce562d1b786741bfceb940327acddbb020da87e93708bc5a783
Malware Config
Targets
-
-
Target
a9511cdaa96ed59de73a7a7c7dc375de204bee7a9511c5ee71bf013010324a91
-
Size
497KB
-
MD5
23595373d96bdbaf4a1361971aa96539
-
SHA1
020b0f179386a5ceee09e042ed7818ee42b2eba8
-
SHA256
a9511cdaa96ed59de73a7a7c7dc375de204bee7a9511c5ee71bf013010324a91
-
SHA512
7e19addfec1ed3aa921f79c45a342e1ad5aa5db0483a2b9e54396335396e9c92545d8e49b4520ce562d1b786741bfceb940327acddbb020da87e93708bc5a783
Score10/10-
Detects PlugX payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-