Resubmissions

01-02-2024 15:37

240201-s2hpvaahdm 10

23-09-2022 05:24

220923-f363lshbel 10

General

  • Target

    3c5d9ac0741850b5e6bf3af8c807b7ccfdb1bfc702cd75d8897a27b1387031c7.zip

  • Size

    156KB

  • Sample

    220923-f363lshbel

  • MD5

    afcb806f4bea2d7edcdd4539ff177a62

  • SHA1

    c81b6fd7e8803b3159125cba7bfb946539e07d6f

  • SHA256

    2e1e9fcdf5c97ef55077a8c62ee0b60f614fa76e0fc5c06a7ac8a262ae67b21f

  • SHA512

    2591a1807f7fb07714e9daa6944e1d34a372e3e9159518c8b70b996c648bdcd9d3e060c164f8db5c5c70fe1852196ce723a6c6b26df08e58820e3df953fe6b91

  • SSDEEP

    3072:vNl3rFS9M2uznQfSb0P9FxrZl2iyiqdBn3Tbc2DG24Q:lRhSScSb0nxL7qjn3TbXDUQ

Malware Config

Extracted

Family

plugx

C2

103.192.226.100:80

103.192.226.100:8000

103.192.226.100:8080

103.192.226.100:110

Mutex

GJsgXZYVrgqcUMNVXzvU

Attributes

  • folder

    AvastSvcyHA

Targets

    • Target

      AvastSvcyHA/AvastAuth.dat

    • Size

      160KB

    • MD5

      03a75e4fd64e9b46d0dfff2589d27822

    • SHA1

      099199fe7bf4e7245e44e9a977178348a37a4f61

    • SHA256

      5eaaf8ac2d358c2d7065884b7994638fee3987f02474e54467f14b010a18d028

    • SHA512

      0d85b7e220a359a75555ebd929396b73417ebff8d8f713b4053c9ebc99b51325e507220efbca8afa259dc18d6f09fc3f036bfe3190ff1225153db037932a7de1

    • SSDEEP

      3072:1o6dVZjvZPKwu+rYA/cpZq1lQoRZv1tcZMIIDHIfztOgz01:66do+L/sI5wZMmtY

    Score

    3/10

    • Target

      AvastSvcyHA/AvastSvc.exe

    • Size

      60KB

    • MD5

      a72036f635cecf0dcb1e9c6f49a8fa5b

    • SHA1

      049813b955db1dd90952657ae2bd34250153563e

    • SHA256

      85ca20eeec3400c68a62639a01928a5dab824d2eadf589e5cbfe5a2bc41d9654

    • SHA512

      e3582e0969361d272c2469ce139ec809b9b0ac98fbc5eb5bb287442aed4c6ba69ed8175b68970751c93730cfaf07b75c3bc5e4e24aeda8f984b24f33bb8e3da2

    • SSDEEP

      768:Q/WQ3/TymxfsHYPry0bgYh3LKgMoCDGFh9D:Q+QvT7xUHYPDbgYVLWofD

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      AvastSvcyHA/wsc.dll

    • Size

      52KB

    • MD5

      fd866f6e1b997c31bdb6ba24361663e5

    • SHA1

      fdf4296522e9ad7ed6d2b7a8aa53debb15566c19

    • SHA256

      28875b1d6206e41ddcdbae56c6001915735c08f11f6a77db5a7107a4236afb34

    • SHA512

      05e8aeb4d0f318db1943797f22388cbc43432b8206fc2b2a38505f2cacbcf25b7058015ea5e462d1778f20b3b31e256a1747f7416e26a939e5eb60b8664ad49c

    • SSDEEP

      768:nqAyRlzgT291lvLotX8UoImwKtZ+eiVoKWUkfbZoJBl:nqAyR1gTWPc3mwje3o2oJ

    Score

    1/10
