General
-
Target
057e908cd15f95a9768989c0455ae9a24a65c46a5022f5fa1adfe7c7a8a4b6a7
-
Size
1.6MB
-
Sample
221104-z9npdsdafr
-
MD5
61402f53a8918246c791e332fb33848d
-
SHA1
40dd7320248850588077850c2f4e9fd4ec44a951
-
SHA256
057e908cd15f95a9768989c0455ae9a24a65c46a5022f5fa1adfe7c7a8a4b6a7
-
SHA512
643c901aa7e0031df5fedf107d1f58d5f3e1f84fb7c62a8dbaaa4f3e6c5ea0dac3634d9974187f1198ddc41c4ed8c6be87f86a05cd87ed0f3cfe1aa3df87eff3
-
SSDEEP
49152:wrc3BBxu8IRhpjmmMdaz9cCDUA1CGF/rIr6WYmf:V3DI7NyDazBln0R
Malware Config
Targets
-
-
Target
057e908cd15f95a9768989c0455ae9a24a65c46a5022f5fa1adfe7c7a8a4b6a7
-
Size
1.6MB
-
MD5
61402f53a8918246c791e332fb33848d
-
SHA1
40dd7320248850588077850c2f4e9fd4ec44a951
-
SHA256
057e908cd15f95a9768989c0455ae9a24a65c46a5022f5fa1adfe7c7a8a4b6a7
-
SHA512
643c901aa7e0031df5fedf107d1f58d5f3e1f84fb7c62a8dbaaa4f3e6c5ea0dac3634d9974187f1198ddc41c4ed8c6be87f86a05cd87ed0f3cfe1aa3df87eff3
-
SSDEEP
49152:wrc3BBxu8IRhpjmmMdaz9cCDUA1CGF/rIr6WYmf:V3DI7NyDazBln0R
Score10/10-
Detects PlugX payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Deletes itself
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-