plugx | 45c944889a482ae2e0e0a8e260c3be737cb612c8804164badef61e8a8713b92f | Triage

Sharing

General

Target

45c944889a482ae2e0e0a8e260c3be737cb612c8804164badef61e8a8713b92f
Size

187KB
Sample

220913-k6bhbsahhn
MD5

89d025b55f7e4ffd942bbbe177dc7840
SHA1

2bbd1c11ddb32555f704640395568599bb2d31b0
SHA256

45c944889a482ae2e0e0a8e260c3be737cb612c8804164badef61e8a8713b92f
SHA512

92be745159f062bb1a336bb4c3eea5a2b9a53a8d5134bf624b932bf410c145e27b4b9aaedd3326bd76a97ba56cdc1552dd85952cc889de6fef51206deabc20ba
SSDEEP

3072:osc0lGgJJtaJXdlVVnXSRRABY3GNCQA1tRnB/rnWADLNBd61H3f9SWvJyLN1DLFm:o/0JJJtaJXdlVVnCXuCXtRnB/SAViHsi

Score

10^/10

plugx trojan

Malware Config

Targets

- Target
  
  RasTls.dll
- Size
  
  3KB
- MD5
  
  d5915394a6916a00c426aa2827d97c0e
- SHA1
  
  50064d66c9b55b6f7d22051b81914d8366fe36c8
- SHA256
  
  6cd5079a69d9a68029e37f2680f44b7ba71c2b1eecf4894c2a8b293d5f768f10
- SHA512
  
  56aa607a5a1bf095b017fd23a1007795f4bdd3a5a5efe571f7c74b7a4e37fb88f3031c26b5189e9f67328222b3dda621a7379da5341bfa95e25605b703ea6373
Score

3^/10
behavioral1 behavioral2
- Target
  
  RasTls.dll.res
- Size
  
  136KB
- MD5
  
  9ae8a7837c60f3f587701934ff41bd96
- SHA1
  
  ea7595bff1cfd1d72fe72417bf263d9adc9bc59e
- SHA256
  
  37b3fb9aa12277f355bbb334c82b41e4155836cf3a1b83e543ce53da9d429e2f
- SHA512
  
  61ba5240b9a2376f8c88616b229323f71775639d1629467847260d555251b5d9b9e36a7858d8ff1601e3661163020219c2b3192997acd323bf58b27f8ed2efe2
- SSDEEP
  
  3072:ksc0lGgJJtaJXdlVVnXSRRABY3GNCQA1tRnB/rnWADLNBd61H3f9SWv5:k/0JJJtaJXdlVVnCXuCXtRnB/SAViHsi
Score

3^/10
behavioral3 behavioral4
- Target
  
  RasTls.exe
- Size
  
  105KB
- MD5
  
  62944e26b36b1dcace429ae26ba66164
- SHA1
  
  2616da1697f7c764ee7fb558887a6a3279861fac
- SHA256
  
  f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68
- SHA512
  
  e3c366044ac0b4df834b2f05d900cad01bc55b39028984ed3486aa2522e8c226bf9a81952da2c7e4bf0bc2c322d10fe58329e787238bb710a137827927b48d7c
- SSDEEP
  
  1536:To0lZUH+MeI1M04n45PFmsMfgiqf5YXneJ07soW8VD5cN:TOw4jYgiqf5yh7sl8VF
Score

10^/10

plugx trojan
- Detects Talisman variant of PlugX
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6