plugx | 005c66b92f2d170ce77c25a01d15061f47cc34bae8e7c75ae5a01a97617f1a73

Sharing

Copy URL

Twitter E-mail

General

Target

Instagram _Rocket+Plus_v255.0_6188219885445711344.ipa
Size

99.9MB
Sample

221004-v1m92sbhgq
MD5

bb57d13f154c22c75186bf904e43f2d1
SHA1

65199e6f9f5ef8b27f329607ff386a3d74d818a1
SHA256

005c66b92f2d170ce77c25a01d15061f47cc34bae8e7c75ae5a01a97617f1a73
SHA512

07fa7bde66f0ab95dcdf65f97b54f2a2d6969af5fe4d0e8b8290f41858386640092cf8c24c4e10ab4d80908dc2e0d8c0cd0fad6e493ff6057ed6e954bf5a1e8f
SSDEEP

3145728:waoIwpMsBkVblMyowfs/fq6kz8sJGXQvR:HwtkVblMHqvz8RAJ

Score

10^/10

plugx macos

Malware Config

Targets

- Target
  
  Payload/Instagram.app/FBBrowserIntegrityLoggingKit.bundle/html-tags.js
- Size
  
  231B
- MD5
  
  bb000f36e2d0583469f15668d31c3859
- SHA1
  
  0380b894a80e91174abeb16620ecb97bc5accf3a
- SHA256
  
  4d1f81c19d17b2fe1982ff29f495636d336554afd27328d6642407fa72040c24
- SHA512
  
  7a2490f579a9da05555845161680dbed96b8e6befe5159a7c3c590b5fe5d21a52742b51dada0b514a92eea0117daf49a63ad78ce65061c295fd5bb5ee4a745c2
Score

1^/10
behavioral1 behavioral2
- Target
  
  Payload/Instagram.app/FBBrowserIntegrityLoggingKit.bundle/images-sizes.js
- Size
  
  197B
- MD5
  
  2afa5c238423ba09fcdfb115125282b1
- SHA1
  
  dbb4c66b2684e162449ca0ecfcc4a704d73a839d
- SHA256
  
  e10aee6e85e85490473ec14092c154900e7e4bf2c34853bbd736127c1c94aa55
- SHA512
  
  44136f7e8e533777ff3161ab960878e283611fca6d4560b717a7f34dbb223bb9c80585243e8f8aeb556e655e71c737880d7be60585317ec6dda20d02eb12b4bd
Score

1^/10
behavioral3 behavioral4
- Target
  
  Payload/Instagram.app/FBBrowserIntegrityLoggingKit.bundle/resources.js
- Size
  
  219B
- MD5
  
  cf2d057ed7d2562617ad43c4cf598b0e
- SHA1
  
  470d91a2f0a19eea5186429521618cc0493084df
- SHA256
  
  9cccfe0b5334c4c2a0c73d57e47abdff021ffa6d3b019689eda9ec7bd143f99e
- SHA512
  
  eb72a28fba2274cbd8c9e7a75218c6b006f8a03e56abba74bd365452e0c9a9ef464facdb5422984d506d4418a32073d201f8ffe22445915efdb2ca03a11c6058
Score

1^/10
behavioral5 behavioral6
- Target
  
  Payload/Instagram.app/FBBrowserIntegrityLoggingKit.bundle/sim-hash.js
- Size
  
  9KB
- MD5
  
  1d9f88ed4aab5b597d23e93192cb20b3
- SHA1
  
  5ebec9253ec0bf4ac81e5ea6a99445f8b23ba168
- SHA256
  
  7a27470c1273072520c9bd9beef9a6ac2accb9d2cb48400a92c4b26226e5f064
- SHA512
  
  53fa934d3748c54cbb49b310faf1fa8ee1ca80bcc1ab5ff83515025e6394315c990604d81f6c96475fb56b531a9ba520130e2347176e7e4f7ddad5859e32b0fd
- SSDEEP
  
  192:XE7YdlQ1O9jW96n+jrV16eIzyG0IvANs17:U716+jrSry4J
Score

1^/10
behavioral7 behavioral8
- Target
  
  Payload/Instagram.app/Frameworks/Chertovski_InstaPlus_hack.dylib
- Size
  
  181KB
- MD5
  
  f938e935369ec36194f6925ac68b461a
- SHA1
  
  dee477959879aa3941ccedba52a75dd299636f6d
- SHA256
  
  32ebecbc935b76e9e8fd1bf33d2101d0073c4b5b65f6b748941021fd1fd70afa
- SHA512
  
  767e615222c12208bec028462ae43fb6fe4002549cd02bd64bf10c913b253c7f56582bb00329638ee3883edadde3a486086bbbfa5796e822edb7abf70287ecc8
- SSDEEP
  
  1536:sjNj/GAKXuSW8UMhWnBr2z5RHpqOkjJUcBbKhChvQTJlJ+OBmtF4fktqrw+b1tiT:0NjuADgkQTcrBbKhChyuwmSkArHb1Tfy
Score

1^/10
behavioral9
- Target
  
  Payload/Instagram.app/Frameworks/CydiaSubstrate.framework/CydiaSubstrate
- Size
  
  392KB
- MD5
  
  bf6be7d3c54ad8ae0968d7dc532037c9
- SHA1
  
  bf69bb133f8068059233d56438a6d62982da2c8e
- SHA256
  
  08df30881a0a63e21a46e53518145187c5fecd53cb2c7c7bbbe12917dc72e1c3
- SHA512
  
  db0e82796ac13f4a0e00a944d740c724501d9c13634d1413dbe32bf491d95f5a7db9c85bb23547d14aeb6f656f9bdee6461ab2c174fc359cc8753310336f90d0
- SSDEEP
  
  3072:25LQSrq2Fj/6GJinfQ/MRgW4mhlsZUkT4o:25sSu2Ffinfh4mKZUD
Score

1^/10
behavioral10
- Target
  
  Payload/Instagram.app/Frameworks/FBSharedFramework.framework/FBSharedFramework
- Size
  
  77.8MB
- MD5
  
  cc40df94afe278449799afa7f79435fd
- SHA1
  
  a7586922c1cd37d606cf2792089c72c3cb8b0680
- SHA256
  
  a3956f6d3cf4a7e70f97b784214e8262e37be9846d7545d5ba06b6f34908e2dd
- SHA512
  
  8104f484bd7ffc95f5c9e179e0181efe285ff4d03c6be12f254ba5d3d9a26b937916dd29af55dcb18b927f0ad4e5b5269004e1e04b5258e1ee1e3bb1b89d3c05
- SSDEEP
  
  786432:tURshRTk+UJyWjJAdmhtu+JZUGmvBQ3P5gLElWJBs:tbuF+dgT1
Score

1^/10
behavioral11
- Target
  
  Payload/Instagram.app/Frameworks/FBSharedFramework.framework/SQLiteSchemas/SQLiteDirectMessageSchema.plist
- Size
  
  835B
- MD5
  
  68f90f38e9eed97a3cd9c3f036ac1bb9
- SHA1
  
  626ec47a3338305e05d9bbcc7f18f55783924704
- SHA256
  
  56d00868bf640213e5bc36cf1e50ed4425488d3bf6b3b9f46f4b3d399f4b0e92
- SHA512
  
  a43724e6116b30daf9b81e36628d253f635f610efbd9ef0b0262f9b54c8018e28595a0ece1f74197199e3f2d6291ee7795ce12bcf8a0b81dad72a637eb6206b7
Score

1^/10
behavioral12 behavioral13
- Target
  
  Payload/Instagram.app/Frameworks/FBSharedFramework.framework/SQLiteSchemas/SQLiteDirectMetadataSchema.plist
- Size
  
  1KB
- MD5
  
  b9548ed384e25ee7a4e92d5cd0dff962
- SHA1
  
  45459b41271b2050146c1b37bdf90da16a50e039
- SHA256
  
  d71ebb668da3698d98d74f103c357577c7d5a42bddd7d3f283a7bec210954799
- SHA512
  
  babe4bf4a282eeb8fe967e4f9a10ab378ff80a21ce16edc1390e496267e468240958151f1ed7e5b2332b782e26f5a64c1c8974765c4cab130602703db898fc3c
Score

1^/10
behavioral14 behavioral15
- Target
  
  Payload/Instagram.app/Frameworks/FBSharedFramework.framework/SQLiteSchemas/SQLiteDirectMutationsSchema.plist
- Size
  
  642B
- MD5
  
  5033250c743b0732aa54f78b9f3ade7b
- SHA1
  
  8b0c7af8ab079190541231ac42b3afd3930d3005
- SHA256
  
  ec18bb76e75594969040167a26cce32349a45b956ac519d903510b0e2625f5dd
- SHA512
  
  49fb5b254527e0d545f6a71a9462660323eaf0529b5ba62d2125888167edaf1e22ebcff2b6d34832a4b054be2ba091e5e0bbef4927930e724b1c75467d8dde3d
Score

1^/10
behavioral16 behavioral17
- Target
  
  Payload/Instagram.app/Frameworks/FBSharedFramework.framework/SQLiteSchemas/SQLiteDirectQuickReplySchema.plist
- Size
  
  863B
- MD5
  
  2db5a559a6b39a367c773181b90064ee
- SHA1
  
  03dcf352f7b3036a3a639a740aaa8b0496b979ce
- SHA256
  
  8592e347d2a33c0e6f0943fceeadc9957afe6b0a5d0ef9e3b2def04ba5edbc75
- SHA512
  
  2ee98fb2ef843efd59f0168222030ccedcf2dd18c6b64e6a0917c35d0e889ab5c3e1555154c46fee009aff24fc86b0d0728fd2daa842903ad2094a107236afd2
Score

1^/10
behavioral18 behavioral19
- Target
  
  Payload/Instagram.app/Frameworks/FBSharedFramework.framework/SQLiteSchemas/SQLiteDirectThreadClientStateSchema.plist
- Size
  
  659B
- MD5
  
  edc049f2e19347def1618f1db5524c28
- SHA1
  
  bec895006a6023a879c89210be508971c4fa5738
- SHA256
  
  3ac3a89e3835494d1604e37cd2c350cb61869b8d2e302818d9ccb91132d68b7c
- SHA512
  
  ad475cd800d249cc258e8bb924252e53caf0895b25bfd6c20bc4759b3ff5b45990fa75adc4778e143c4bc51465141a0c806999c0a9f7189c52fe54cd5c1811c9
Score

1^/10
behavioral20 behavioral21
- Target
  
  Payload/Instagram.app/Frameworks/FBSharedFramework.framework/SQLiteSchemas/SQLiteDirectThreadSchema.plist
- Size
  
  1KB
- MD5
  
  024c64dd34e00bcbba12671378f49e2e
- SHA1
  
  a1061744ec27a8a7e43c73a15728eaee35cf9596
- SHA256
  
  f6975e6775613d9ef382004e7b437e650803f04a7c821f74209a1070c62d4bdb
- SHA512
  
  edbcb3ea5c211ae96b91ff440c93429494cf7d126273b184625b7862a852b3132b7d3995221f1314ddd137193c13cdb044a1337245ec2f280b4d3eea65d5fb2e
Score

1^/10
behavioral22 behavioral23
- Target
  
  Payload/Instagram.app/Frameworks/Hackogram.dylib
- Size
  
  64KB
- MD5
  
  4134f4781d3a7d2d9134485c3532c30a
- SHA1
  
  40f25bc0efa49527839c0c576d97bc1124fa5cf6
- SHA256
  
  98615d926b1294a03e63a6a391d6684617947e08c6ac2dc891bce25842faf48c
- SHA512
  
  13a60f8a94b2b39204db8eb27980e2eb4f36c02f880d9c170ded67ec15029953517b1578339be1a395848daf91cadd482ee78948b096640349d2667b414c4f47
- SSDEEP
  
  24:rlu/848M6Gq8NqY2pLvLoIkNLkOLeaJLfjn66+o+dqj5VXLyu2kKW4KPUq7RbfeO:rmENTaZkOLeatfOvdMVXLyuV2HeUkU2
Score

1^/10
behavioral24
- Target
  
  Payload/Instagram.app/Frameworks/IGPyTorchFramework.framework/IGPyTorchFramework
- Size
  
  2.6MB
- MD5
  
  ccb5eeae92afe147eeed982cb9ad5537
- SHA1
  
  d5765f5eeaedd0673d9deb38dd87c0209d965076
- SHA256
  
  1e3b15624bf9d33ab546309a5e5870b273dbe32499a6d12e2b1af2b341cd873f
- SHA512
  
  53b1eff8362e02f6ce99e266687f69da09344d16f96fdf881016ef92d06d0559a6734a5cf7b3e5b3f57d788600a20b70c9db3be50054a099dff60dc5cb820d67
- SSDEEP
  
  24576:wW217NyOR26KITorKjQeKQh8QJzdtFEBcEDscynMofOko5kySiYCgQZwi6NYUTCR:A2ya1jQJzdtFEpYcyMRPgQZwi6mUuDd
Score

1^/10
behavioral25
- Target
  
  Payload/Instagram.app/Frameworks/InstaPlus.dylib
- Size
  
  64KB
- MD5
  
  be3e7d5b59ae0812bd6ab7bad9fb124a
- SHA1
  
  af5f723d22768f61468e60438936289b2af93545
- SHA256
  
  5cb1be0e1f5fbd2963a687388a8925021d74b506c972cc87a945e7797666bf9a
- SHA512
  
  6a51441c16cb0345afc5500fec5caac8aa815f6218298481e98355843877c7bdea79c3c1edd0539229777718e22ea4c049a90539c8fe4dbfec20cfad156b7a25
- SSDEEP
  
  24:rlu/848M6Gq8NqY2pLvLoIkNLkOLeaJLfjn06+3zdqj5VXLyu2kKW4KPUq7RbfeO:rmENTaZkOLeatfwRzdMVXLyuV2HeUkU2
Score

1^/10
behavioral26
- Target
  
  Payload/Instagram.app/Frameworks/Magic.dylib
- Size
  
  2.5MB
- MD5
  
  417471186f5bedcc631ffae2d23dd1ae
- SHA1
  
  30a9ed2c33b631c5adc59025dd12ac7b0551c076
- SHA256
  
  21ea79e8b2677d7f783edd2159d1a4ffcf72dda5db687048e3c7c85c447bf095
- SHA512
  
  f0153a61ff46722ae06bb715a0aff9255527a20f5171aaec0a5956fa3e3a890de8a1d371bbe6e1e3f75204978b1ec0c455405e060dc70afc2135d7bd6f5448b0
- SSDEEP
  
  24576:c+xsOM/DQPJLahPpGtg6Irv9v/MoqF5cqCwI+la97VLgax9vHP9gWtkjD:3jjJmeat9dqFQbqA/x9P5c
Score

1^/10
behavioral27
- Target
  
  Payload/Instagram.app/Frameworks/PlusForInstagram.dylib
- Size
  
  970KB
- MD5
  
  b0dee2728c7fa7baa7880fa0a1217aa7
- SHA1
  
  f59c5cb7e30d0dac1e8a90a48cfe656ec700269c
- SHA256
  
  133088c79e62d19fa7fefce7fb779b4ef85541d4067f8654a6d491b6bbacd799
- SHA512
  
  f949fb7b7df50f45954a72b59c723822e1228fb36f4231c79e7cb7a0345c09a61ad976681a0db4793f8f8aa6cb753afb96f0beb1edc1f94eb832802a9474698a
- SSDEEP
  
  12288:Vx1fs87W2j8FAF5NXCRTnSqbFn5mLiipTfUo+/JW4iCV9XrXJB7DKy465FwzFMRR:5Wu8FAxwTnEBKTqhZtttlYCR
Score

1^/10
behavioral28
- Target
  
  Payload/Instagram.app/Frameworks/RIPass.dylib
- Size
  
  257KB
- MD5
  
  ddb71c8b0b52b335a1cc25f216bc695d
- SHA1
  
  748dcf0d3f8f218553d6a7fcabf8e1d6ba7b49da
- SHA256
  
  c04531d7cd2b49b1edc281d90e24858542e0ab74d55c2653dd180ebf7f3050f7
- SHA512
  
  fb82bf02c73084c9b559d2035156b8b098ae1a0e5d96c759ec39564d3766e5eb8945394f51a972743bb0598c2cb52280f6d0b53b13a8e454e801df81d2a3ebba
- SSDEEP
  
  192:Bg3HlPqk9qCH0wu4haoqkFqCH0kuce5+g5yQN+PHs2yiN6:i1Pqk93hpqkFne5+g5ZMPH5yN
Score

1^/10
behavioral29
- Target
  
  Payload/Instagram.app/Frameworks/Rocket.dylib
- Size
  
  2.4MB
- MD5
  
  7035e780d8f8766d8b834a8f0ef0e410
- SHA1
  
  e7c6840ea725a1b9cadf98817ba74c964f99c33c
- SHA256
  
  de555bc9c638a9bcc5c7fa64512d3c143f4fbdd2fe8c8b8e0f556631f39aa024
- SHA512
  
  38a4652c66bcee10a28e70bdce2a2a534df3e4e25c7eafb7332e8d733cafffe454fe2814adcdc03229302a2551f2d71e5c5c536a7d466f8f5c3704f513ce8975
- SSDEEP
  
  24576:Oa2VK5oy+eiaj0fEZV3oZMaoSoi9x6O/cvPY0tWRO5/mvnrf:2SiSHtCx0vwbOsrf
Score

1^/10
behavioral30
- Target
  
  Payload/Instagram.app/Frameworks/libmryipc.dylib
- Size
  
  73KB
- MD5
  
  4e149f81c2abda22ac82a43e07646a82
- SHA1
  
  f0a6c944cf07e8517128e6a3dca30f66fcd09051
- SHA256
  
  5e4d878a474615e5e1fb5d09ecf98f7b26264baba7023a8719c9390957a45fe8
- SHA512
  
  fed50746394ea2e7681a379edd4116d06868acbb8817edb3690be087ae280830b52628dfc3372d36a14a658beb0f9c9971cf3e006c823587741b234aa58243c4
- SSDEEP
  
  768:OjYGQkhN64rF+Fw0+F6lQuqou7RgbqgO:0QkhN64QkGbh
Score

1^/10
behavioral31
- Target
  
  Payload/Instagram.app/Info.plist
- Size
  
  14KB
- MD5
  
  6d03dcf0e8eb2e218a1944104ece5c6f
- SHA1
  
  fe73e32f046ee74c7ca2b8a442ab978fbcca7d4f
- SHA256
  
  5c6661c352653c23076d113e05f5387dd6d4350437232989042aed9284621bf0
- SHA512
  
  5323044c8a90977e3896c9de524f24203073a7464401ecefb2c63e1b18ed8730e3387f285c2b281941c2d5d008d0b313d8ca70adaa78c879466fdeb68afdf57f
- SSDEEP
  
  96:Cy2bnoZBXbrYUp1J1T0gsY5O7gGbOgQz053U2JMyM8cs+v7SggQZ1C4kWVFCTsTc:XQngcExQ4qNwdkWVsTsMjkOMUaF99mzF
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32