General

  • Target: 2021-02-16_07-49_86950b81df2003d08ae4a7869ecf88fe.zip
  • Size: 156KB
  • Sample: 220919-ecr1bsahcn
  • MD5: 86950b81df2003d08ae4a7869ecf88fe
  • SHA1: e5bf4883a3fb459f503dec2398b749fcfb081681
  • SHA256: 3c5d9ac0741850b5e6bf3af8c807b7ccfdb1bfc702cd75d8897a27b1387031c7
  • SHA512: 5ae7fde020f6ed33d7b839fd816397595af073bc303c8f7d0bc4fd83e83af01bb428233c7bbfc7d7ea59a7f84e0eb6f67db26077ba6ada0f6b69ecc4cefd97bf
  • SSDEEP: 3072:s2xtDopacaOLA2Z7mOAPsNXOGsxsnbOHcG4oVfsUh/AyaQhvQRmdRJQnMu1L:s20ZauBmrae/xabQfVfvAydBQRuRJQMQ

Malware Config

Extracted

  • Family: plugx
  • C2:
      103.192.226.100:80
      103.192.226.100:8000
      103.192.226.100:8080
      103.192.226.100:110
  • Mutex: GJsgXZYVrgqcUMNVXzvU
  • Attributes:
      folder: AvastSvcyHA

Targets

    • Target: AvastSvcyHA/AvastSvc.exe
    • Size: 60KB
    • MD5: a72036f635cecf0dcb1e9c6f49a8fa5b
    • SHA1: 049813b955db1dd90952657ae2bd34250153563e
    • SHA256: 85ca20eeec3400c68a62639a01928a5dab824d2eadf589e5cbfe5a2bc41d9654
    • SHA512: e3582e0969361d272c2469ce139ec809b9b0ac98fbc5eb5bb287442aed4c6ba69ed8175b68970751c93730cfaf07b75c3bc5e4e24aeda8f984b24f33bb8e3da2
    • SSDEEP: 768:Q/WQ3/TymxfsHYPry0bgYh3LKgMoCDGFh9D:Q+QvT7xUHYPDbgYVLWofD

    Signatures:
    • PlugX
      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

    • Target: AvastSvcyHA/wsc.dll
    • Size: 52KB
    • MD5: fd866f6e1b997c31bdb6ba24361663e5
    • SHA1: fdf4296522e9ad7ed6d2b7a8aa53debb15566c19
    • SHA256: 28875b1d6206e41ddcdbae56c6001915735c08f11f6a77db5a7107a4236afb34
    • SHA512: 05e8aeb4d0f318db1943797f22388cbc43432b8206fc2b2a38505f2cacbcf25b7058015ea5e462d1778f20b3b31e256a1747f7416e26a939e5eb60b8664ad49c
    • SSDEEP: 768:nqAyRlzgT291lvLotX8UoImwKtZ+eiVoKWUkfbZoJBl:nqAyR1gTWPc3mwje3o2oJ

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060), 1 hit
  • Defense Evasion: Modify Registry (T1112), 1 hit
  • Discovery: Query Registry (T1012), 1 hit
  • Discovery: Peripheral Device Discovery (T1120), 1 hit
  • Discovery: System Information Discovery (T1082), 1 hit

Tasks