Overview

overview

10

Static

static

806b6bdbd0...04.doc

windows7-x64

10

806b6bdbd0...04.doc

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204

  • Size

    324KB

  • Sample

    221201-j4rwvsde8s

  • MD5

    510373e64ab11602490e0e5eb36ef4d1

  • SHA1

    284e402d86e35a510e428bd6dc990e1d6d87a8bc

  • SHA256

    806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204

  • SHA512

    30f536eeccc1200bf69f3adef6214387a17c919f332ca120b56e1d20dfd9e996c4aaa38f4d593ee7d25e05f8add7b17ea02922e3d4ac59403ab1d574c76345ff

  • SSDEEP

    6144:xzAFVteZhTDb2WzbxEvk69q6CC4KEqU/G0VmyhNz+0dfpnXh:CfeqAxEvl9j34KEqcG02sRh

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204

    • Size

      324KB

    • MD5

      510373e64ab11602490e0e5eb36ef4d1

    • SHA1

      284e402d86e35a510e428bd6dc990e1d6d87a8bc

    • SHA256

      806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204

    • SHA512

      30f536eeccc1200bf69f3adef6214387a17c919f332ca120b56e1d20dfd9e996c4aaa38f4d593ee7d25e05f8add7b17ea02922e3d4ac59403ab1d574c76345ff

    • SSDEEP

      6144:xzAFVteZhTDb2WzbxEvk69q6CC4KEqU/G0VmyhNz+0dfpnXh:CfeqAxEvl9j34KEqcG02sRh

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks