Overview

overview

10

Static

static

Microsoft.exe

windows7-x64

10

Microsoft.exe

windows10-1703-x64

8

Microsoft.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Microsoft.exe-

  • Size

    4.0MB

  • Sample

    220825-h5rrtaadb9

  • MD5

    083f54e1891baeb8783adc6ee775fc41

  • SHA1

    9f7b44476da46086e38f89f4eb2b9900629082a4

  • SHA256

    b55abbc07b02308c5315aa31de307ca62665d340806114a1992536584a5895d1

  • SHA512

    4c0ab2a86af49ed0fd129095962e11baa9fa9a9e0276473832be6c47bb8918c5c39a2f228a06e6f7d2aaa8d791c75645102ee5674ba44a9e3b9dc079c936d8ab

  • SSDEEP

    98304:Zwa9JkoXTaSRr+aV1uHIx5gjSTBvq+TYIMV3hMAo:Zr9UY5g0v0g

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      Microsoft.exe-

    • Size

      4.0MB

    • MD5

      083f54e1891baeb8783adc6ee775fc41

    • SHA1

      9f7b44476da46086e38f89f4eb2b9900629082a4

    • SHA256

      b55abbc07b02308c5315aa31de307ca62665d340806114a1992536584a5895d1

    • SHA512

      4c0ab2a86af49ed0fd129095962e11baa9fa9a9e0276473832be6c47bb8918c5c39a2f228a06e6f7d2aaa8d791c75645102ee5674ba44a9e3b9dc079c936d8ab

    • SSDEEP

      98304:Zwa9JkoXTaSRr+aV1uHIx5gjSTBvq+TYIMV3hMAo:Zr9UY5g0v0g

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks