General
-
Target
a5aee25378a5cdf087557a93f55428c3f98354950f022430ec45dd10be581249
-
Size
338KB
-
Sample
221201-lqxlasfc24
-
MD5
bae08358dc23e85f11f2e702de0f5046
-
SHA1
b0c9381d8fe5dd98daf744bce4a3d0e0448a7ab4
-
SHA256
a5aee25378a5cdf087557a93f55428c3f98354950f022430ec45dd10be581249
-
SHA512
257176e3e51f2323cef3b9a7665ab636360f54e3192605a80b959614c192fc60ceebfcd05e417bfe200a477cec5a79c022e2199fbd8c18968763707e6840600d
-
SSDEEP
6144:zFw8wzBhaEUJ45mnk75go5PnHt6Q+hTnO3pBboetnL1hCBDOmi986M:zFszBhqS5m+v6phi3N1hCBTN6M
Malware Config
Targets
-
-
Target
a5aee25378a5cdf087557a93f55428c3f98354950f022430ec45dd10be581249
-
Size
338KB
-
MD5
bae08358dc23e85f11f2e702de0f5046
-
SHA1
b0c9381d8fe5dd98daf744bce4a3d0e0448a7ab4
-
SHA256
a5aee25378a5cdf087557a93f55428c3f98354950f022430ec45dd10be581249
-
SHA512
257176e3e51f2323cef3b9a7665ab636360f54e3192605a80b959614c192fc60ceebfcd05e417bfe200a477cec5a79c022e2199fbd8c18968763707e6840600d
-
SSDEEP
6144:zFw8wzBhaEUJ45mnk75go5PnHt6Q+hTnO3pBboetnL1hCBDOmi986M:zFszBhqS5m+v6phi3N1hCBTN6M
Score10/10-
Detects PlugX payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-