Overview

overview

10

Static

static

8

057e908cd1...a7.exe

windows7-x64

10

057e908cd1...a7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    057e908cd15f95a9768989c0455ae9a24a65c46a5022f5fa1adfe7c7a8a4b6a7

  • Size

    1.6MB

  • Sample

    221104-z9npdsdafr

  • MD5

    61402f53a8918246c791e332fb33848d

  • SHA1

    40dd7320248850588077850c2f4e9fd4ec44a951

  • SHA256

    057e908cd15f95a9768989c0455ae9a24a65c46a5022f5fa1adfe7c7a8a4b6a7

  • SHA512

    643c901aa7e0031df5fedf107d1f58d5f3e1f84fb7c62a8dbaaa4f3e6c5ea0dac3634d9974187f1198ddc41c4ed8c6be87f86a05cd87ed0f3cfe1aa3df87eff3

  • SSDEEP

    49152:wrc3BBxu8IRhpjmmMdaz9cCDUA1CGF/rIr6WYmf:V3DI7NyDazBln0R

Score
10/10
plugxtrojanvmprotect

Malware Config

Targets

    • Target

      057e908cd15f95a9768989c0455ae9a24a65c46a5022f5fa1adfe7c7a8a4b6a7

    • Size

      1.6MB

    • MD5

      61402f53a8918246c791e332fb33848d

    • SHA1

      40dd7320248850588077850c2f4e9fd4ec44a951

    • SHA256

      057e908cd15f95a9768989c0455ae9a24a65c46a5022f5fa1adfe7c7a8a4b6a7

    • SHA512

      643c901aa7e0031df5fedf107d1f58d5f3e1f84fb7c62a8dbaaa4f3e6c5ea0dac3634d9974187f1198ddc41c4ed8c6be87f86a05cd87ed0f3cfe1aa3df87eff3

    • SSDEEP

      49152:wrc3BBxu8IRhpjmmMdaz9cCDUA1CGF/rIr6WYmf:V3DI7NyDazBln0R

    Score
    10/10
    plugxtrojanvmprotect

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Deletes itself

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks