Overview

overview

10

Static

static

a5aee25378...49.exe

windows7-x64

10

a5aee25378...49.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a5aee25378a5cdf087557a93f55428c3f98354950f022430ec45dd10be581249

  • Size

    338KB

  • Sample

    221201-lqxlasfc24

  • MD5

    bae08358dc23e85f11f2e702de0f5046

  • SHA1

    b0c9381d8fe5dd98daf744bce4a3d0e0448a7ab4

  • SHA256

    a5aee25378a5cdf087557a93f55428c3f98354950f022430ec45dd10be581249

  • SHA512

    257176e3e51f2323cef3b9a7665ab636360f54e3192605a80b959614c192fc60ceebfcd05e417bfe200a477cec5a79c022e2199fbd8c18968763707e6840600d

  • SSDEEP

    6144:zFw8wzBhaEUJ45mnk75go5PnHt6Q+hTnO3pBboetnL1hCBDOmi986M:zFszBhqS5m+v6phi3N1hCBTN6M

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      a5aee25378a5cdf087557a93f55428c3f98354950f022430ec45dd10be581249

    • Size

      338KB

    • MD5

      bae08358dc23e85f11f2e702de0f5046

    • SHA1

      b0c9381d8fe5dd98daf744bce4a3d0e0448a7ab4

    • SHA256

      a5aee25378a5cdf087557a93f55428c3f98354950f022430ec45dd10be581249

    • SHA512

      257176e3e51f2323cef3b9a7665ab636360f54e3192605a80b959614c192fc60ceebfcd05e417bfe200a477cec5a79c022e2199fbd8c18968763707e6840600d

    • SSDEEP

      6144:zFw8wzBhaEUJ45mnk75go5PnHt6Q+hTnO3pBboetnL1hCBDOmi986M:zFszBhqS5m+v6phi3N1hCBTN6M

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks