plugx | a97959fee0a1ea94a23fa46faed2d786ebfc7db2e1401e843ee36d7e26f7bd7b | Triage

Submit
Reports

Overview

overview

Static

static

a97959fee0...7b.exe

windows7-x64

a97959fee0...7b.exe

windows10-2004-x64

Sharing

General

Target

a97959fee0a1ea94a23fa46faed2d786ebfc7db2e1401e843ee36d7e26f7bd7b
Size

347KB
Sample

221130-3ycpjafh49
MD5

e733988f97ffcd7bddae53cd194ddb56
SHA1

203d4f753ac159cbaa0637726cc2849483fdee23
SHA256

a97959fee0a1ea94a23fa46faed2d786ebfc7db2e1401e843ee36d7e26f7bd7b
SHA512

1c436714ecbd77bd36f628d5d9d6ae0f0869dc77422bd871667f577c8b4200d62991099cbfbf4100717ae9a2bc9b812b6f4fe76329b846df3724a865fc2396e8
SSDEEP

6144:v4lRkAehaKuqT+FdR4U5LUskSB4fpweOLPtfuRK6UcdIAfUvPIHTRmon36Z:vkWAehJuqT4SPskbBHClfuRycdIpvPwC

Score

10^/10

plugx trojan

Static task

static1

Behavioral task

behavioral1

Sample

a97959fee0a1ea94a23fa46faed2d786ebfc7db2e1401e843ee36d7e26f7bd7b.exe

Resource

win7-20221111-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a97959fee0a1ea94a23fa46faed2d786ebfc7db2e1401e843ee36d7e26f7bd7b.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  a97959fee0a1ea94a23fa46faed2d786ebfc7db2e1401e843ee36d7e26f7bd7b
- Size
  
  347KB
- MD5
  
  e733988f97ffcd7bddae53cd194ddb56
- SHA1
  
  203d4f753ac159cbaa0637726cc2849483fdee23
- SHA256
  
  a97959fee0a1ea94a23fa46faed2d786ebfc7db2e1401e843ee36d7e26f7bd7b
- SHA512
  
  1c436714ecbd77bd36f628d5d9d6ae0f0869dc77422bd871667f577c8b4200d62991099cbfbf4100717ae9a2bc9b812b6f4fe76329b846df3724a865fc2396e8
- SSDEEP
  
  6144:v4lRkAehaKuqT+FdR4U5LUskSB4fpweOLPtfuRK6UcdIAfUvPIHTRmon36Z:vkWAehJuqT4SPskbBHClfuRycdIpvPwC
Score

10^/10

plugx trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy