General
-
Target
2bc5ce39dd9afe2157448d3f6d8cb9c549ed39543d159616e38480b9e6c11c49
-
Size
362KB
-
Sample
221115-mmn1esce3t
-
MD5
f1f48360f95e1b43e9fba0fec5a2afb8
-
SHA1
70ceb467db7b0161d22e4545479f747417b9705a
-
SHA256
2bc5ce39dd9afe2157448d3f6d8cb9c549ed39543d159616e38480b9e6c11c49
-
SHA512
88d945c7a064882681670d9402fb8d07cd0653f5d6e7801d95b0a4a840be2a362ccb11baa6911b47538681705a76d633d8fad374a6f541dd3ed651f3b63ae3b8
-
SSDEEP
6144:iz+92mhAMJ/cPl3iis3CLBQU/FoX+R76Hyca7P8w/nD3BOrPOaYjRtGTxR3Zar:iK2mhAMJ/cPlEO7c8zcyLxODStGtR3ZC
Malware Config
Targets
-
-
Target
2bc5ce39dd9afe2157448d3f6d8cb9c549ed39543d159616e38480b9e6c11c49
-
Size
362KB
-
MD5
f1f48360f95e1b43e9fba0fec5a2afb8
-
SHA1
70ceb467db7b0161d22e4545479f747417b9705a
-
SHA256
2bc5ce39dd9afe2157448d3f6d8cb9c549ed39543d159616e38480b9e6c11c49
-
SHA512
88d945c7a064882681670d9402fb8d07cd0653f5d6e7801d95b0a4a840be2a362ccb11baa6911b47538681705a76d633d8fad374a6f541dd3ed651f3b63ae3b8
-
SSDEEP
6144:iz+92mhAMJ/cPl3iis3CLBQU/FoX+R76Hyca7P8w/nD3BOrPOaYjRtGTxR3Zar:iK2mhAMJ/cPlEO7c8zcyLxODStGtR3ZC
Score10/10-
Detects PlugX payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-