Overview

overview

10

Static

static

333e7c22e5...99.exe

windows7-x64

10

333e7c22e5...99.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    333e7c22e5aac779863c710144d74913d8ac88443ffe4349c5c8882fc4b7d999.zip

  • Size

    479KB

  • Sample

    221015-b8cczafab8

  • MD5

    a5bd871274c84c38c75a2b5847ea57ea

  • SHA1

    98451f81140cba371b66fdda1cff0c63792d6311

  • SHA256

    e383f0476135560686dc4ac2f5790010ff2883cd8f783cf95ab70aa756745651

  • SHA512

    82ceef28d09f13123defbfc3232c3f09c708ea01e81b5d2defda6bd2fa2da9277bbd9c65e7a5d0f0835ccdb942d948b432e7297723022368eef252e6513c0a3c

  • SSDEEP

    12288:EghhusAII5y4mf3DJoxRwNAUek4/gS0mpypIcatO:EgzW50f3Y5UekfmHg

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      333e7c22e5aac779863c710144d74913d8ac88443ffe4349c5c8882fc4b7d999.exe

    • Size

      590KB

    • MD5

      99b4e8725fcc7c754f5e11c1a286654d

    • SHA1

      10cc781ca3eb4f11007a9209efd4e7d4621cb959

    • SHA256

      333e7c22e5aac779863c710144d74913d8ac88443ffe4349c5c8882fc4b7d999

    • SHA512

      1d01bda85600490dcb7595bfcf0cf5a435b5adc437123ca6acd76c2f84028b2cfd0a23281fb45926d91a004574a66b8ac07c699e5957fb565b9016acfe92d3de

    • SSDEEP

      12288:ahxp3lZnT9bD8R3bXsTE57bBoUgm5tbOTHvrPOMo/dtvM1GBRxKYi:aJlh9bD8Rr8+bbyrnoltRRxKl

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks