Overview

overview

10

Static

static

sample.exe

windows7-x64

10

sample.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06013460d92bfef5f63085d1d10afb87a417678642b199cdae282395d1b09261.bin.sample.gz

  • Size

    337KB

  • Sample

    221129-wpfw9sce43

  • MD5

    dcb9a0288a18d6699ac821385867d350

  • SHA1

    5f9bca630c0887b205f24a66ee47bb5f3e223ff7

  • SHA256

    2bd843024c373e86260f141d51228c55015aa488ebcd24f0c5ca9636fd9b360c

  • SHA512

    3c303900fbc24bd8a3b67cae4eb4fb7f4e4574750cf0d8d886d6b00db5e764eb8c649a3d81021180439fa5a305f334194f75abb4c869bef62f1ead201963a8bd

  • SSDEEP

    6144:Tz+92mhAMJ/cfl3ihLc3GcKbTSH6eby0SePbS1hPPnHtKQ+hTn63pi:TK2mhAMJ/cflPWcKabbgKbCdKphW34

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      sample

    • Size

      337KB

    • MD5

      cd5bc22cd00975467ba470a2aad9e3be

    • SHA1

      c59f130dd579e3f7d31a4d8d0f3fa5f269b332f3

    • SHA256

      06013460d92bfef5f63085d1d10afb87a417678642b199cdae282395d1b09261

    • SHA512

      887e12492751f0bbded9bd665c39a5a28e31d77bc2de0c8ade73b63173352d6e9bc8f9575d966772e39c4b1622aa4d9966e7f873b405eca8f4b2c515ab9b7ac9

    • SSDEEP

      6144:+z+92mhAMJ/cPl3ihLcDkcK7TSH6eby0gePbS1hNPnHt6Q+hTnO3pE:+K2mhAMJ/cPlPgcK6bb6KbCL6phi3C

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks