Overview

overview

10

Static

static

2bc5ce39dd...49.exe

windows7-x64

10

2bc5ce39dd...49.exe

windows10-2004-x64

10

Resubmissions

15-11-2022 10:35

221115-mmn1esce3t 10

15-03-2021 11:09

210315-zqyylb62la 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2bc5ce39dd9afe2157448d3f6d8cb9c549ed39543d159616e38480b9e6c11c49

  • Size

    362KB

  • Sample

    221115-mmn1esce3t

  • MD5

    f1f48360f95e1b43e9fba0fec5a2afb8

  • SHA1

    70ceb467db7b0161d22e4545479f747417b9705a

  • SHA256

    2bc5ce39dd9afe2157448d3f6d8cb9c549ed39543d159616e38480b9e6c11c49

  • SHA512

    88d945c7a064882681670d9402fb8d07cd0653f5d6e7801d95b0a4a840be2a362ccb11baa6911b47538681705a76d633d8fad374a6f541dd3ed651f3b63ae3b8

  • SSDEEP

    6144:iz+92mhAMJ/cPl3iis3CLBQU/FoX+R76Hyca7P8w/nD3BOrPOaYjRtGTxR3Zar:iK2mhAMJ/cPlEO7c8zcyLxODStGtR3ZC

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      2bc5ce39dd9afe2157448d3f6d8cb9c549ed39543d159616e38480b9e6c11c49

    • Size

      362KB

    • MD5

      f1f48360f95e1b43e9fba0fec5a2afb8

    • SHA1

      70ceb467db7b0161d22e4545479f747417b9705a

    • SHA256

      2bc5ce39dd9afe2157448d3f6d8cb9c549ed39543d159616e38480b9e6c11c49

    • SHA512

      88d945c7a064882681670d9402fb8d07cd0653f5d6e7801d95b0a4a840be2a362ccb11baa6911b47538681705a76d633d8fad374a6f541dd3ed651f3b63ae3b8

    • SSDEEP

      6144:iz+92mhAMJ/cPl3iis3CLBQU/FoX+R76Hyca7P8w/nD3BOrPOaYjRtGTxR3Zar:iK2mhAMJ/cPlEO7c8zcyLxODStGtR3ZC

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks