General
-
Target
3ec3efc595309d26426d53b0a3d7ab1cee97a63569d54cc8eecdb6c72bdb9776
-
Size
373KB
-
Sample
221106-ng1mpshcd5
-
MD5
b4cd8916abf1efcb87ba2cc570a9cf4a
-
SHA1
6457cd064d7587ce486be350e57530619397fa14
-
SHA256
3ec3efc595309d26426d53b0a3d7ab1cee97a63569d54cc8eecdb6c72bdb9776
-
SHA512
861c8d458c4d9c9cc9257be247c65311e78f86bc6bc088b5a918350d1c89502d0135245d69990ec40f416da8b2601fdf75687e0fb218c67b401790e95471d6fc
-
SSDEEP
6144:F94YVuWi4ySWFLl0XO5tbmTpLDrTARIN8CpgfqzyaZ1XZgVhrMnAgYSsq79L/3I:X4YV1i400itbmTaJfQ7/AgYSj7ZA
Malware Config
Targets
-
-
Target
3ec3efc595309d26426d53b0a3d7ab1cee97a63569d54cc8eecdb6c72bdb9776
-
Size
373KB
-
MD5
b4cd8916abf1efcb87ba2cc570a9cf4a
-
SHA1
6457cd064d7587ce486be350e57530619397fa14
-
SHA256
3ec3efc595309d26426d53b0a3d7ab1cee97a63569d54cc8eecdb6c72bdb9776
-
SHA512
861c8d458c4d9c9cc9257be247c65311e78f86bc6bc088b5a918350d1c89502d0135245d69990ec40f416da8b2601fdf75687e0fb218c67b401790e95471d6fc
-
SSDEEP
6144:F94YVuWi4ySWFLl0XO5tbmTpLDrTARIN8CpgfqzyaZ1XZgVhrMnAgYSsq79L/3I:X4YV1i400itbmTaJfQ7/AgYSj7ZA
Score10/10-
Detects PlugX payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-