Overview

overview

10

Static

static

5fc3a63d5b...e1.exe

windows7-x64

10

5fc3a63d5b...e1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fc3a63d5b76578a23f1aa59bc7618dd73fc42fe78355294bf587fb7587579e1

  • Size

    260KB

  • Sample

    220731-lbbqaahga5

  • MD5

    f43faec42c367d3c8ea3c6b193398ed0

  • SHA1

    360f85bde56f166c72690f09c765496a7e931dd6

  • SHA256

    5fc3a63d5b76578a23f1aa59bc7618dd73fc42fe78355294bf587fb7587579e1

  • SHA512

    2afba8a444824211e072e16fcf03a188fded5b324c4004180f772bacc503330899ace0c9ae9e2e97b7c0db989f9e8dd1cfaeed4d53e02d0fd84a7725f45dbce5

Score
10/10
plugxtrojanupx

Malware Config

Targets

    • Target

      5fc3a63d5b76578a23f1aa59bc7618dd73fc42fe78355294bf587fb7587579e1

    • Size

      260KB

    • MD5

      f43faec42c367d3c8ea3c6b193398ed0

    • SHA1

      360f85bde56f166c72690f09c765496a7e931dd6

    • SHA256

      5fc3a63d5b76578a23f1aa59bc7618dd73fc42fe78355294bf587fb7587579e1

    • SHA512

      2afba8a444824211e072e16fcf03a188fded5b324c4004180f772bacc503330899ace0c9ae9e2e97b7c0db989f9e8dd1cfaeed4d53e02d0fd84a7725f45dbce5

    Score
    10/10
    plugxtrojanupx

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks