General

  • Target

    GaBiEducation9.2.1.68_desktop.exe

  • Size

    193MB

  • Sample

    220914-jhx6raheh6

  • MD5

    e0b8ed89f55f785e7e45f9c57b4aa14b

  • SHA1

    ffc0f6e2deaa984a803cb3f23a4c735e3bc652db

  • SHA256

    28a920e33768735e25af7b1c751f58ebda4ccc5adee11687a67746c74ae34d6c

  • SHA512

    13f939758d6f9ca41b52f0b55c5f2df1a7b0c937f6445c4b98a885b60a5d783dcf58a14ff69f8fa683ff6af69c7393a0b306bafc9e5857946a41365c5e57cece

  • SSDEEP

    6291456:vuFFBo/i0YGa6ZLezuZ5IOfmWdJXWxgzb:QFS60hsuaWd0G

Score
10/10

Targets

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1