General

  • Target

    afe40fb3150b18dbc4b46d09e57b7e30eb303969d7e5aca5315bf12788446be2

  • Size

    354KB

  • Sample

    221204-g74cyshe8z

  • MD5

    8fa18a33647422164011951813496cee

  • SHA1

    9cd1f9d833163aa0491a67c026a06519f4837314

  • SHA256

    afe40fb3150b18dbc4b46d09e57b7e30eb303969d7e5aca5315bf12788446be2

  • SHA512

    3a26ba756e22a6e9a8477e585f5c06cb786b529c39a17c60c8dbf10b623df6cddd46ce6ffd7c38371b43df5c173d489f6ed019f4ef528e7dfcb61847276e0499

  • SSDEEP

    6144:vMig+gqkbb45K9RRS7r7Jhqwn4U6ywSfNBPvbMAU2RFS3HiUUVjX6xkVucBxzCHo:vJCqs4o9RRm/JsxCvbMBWVjKxG3jp

Score
10/10

Malware Config

Targets

    • Target

      CamMute.swf

    • Size

      146KB

    • MD5

      4ae94a2da16ad5ad5efc4cc13f307492

    • SHA1

      2e049ddbbe6fe5f72ea98350739091ba88817c68

    • SHA256

      826716e9d34cd8f0c6ed461b704f3081e8444b30236616ee1f1aec5ec1e2e1b3

    • SHA512

      413ef4ca0b81bee6da8348f8d99de2d11be0d8afb51addb2f02a1fce90fdaddcd67e83e82c61309707f9df74bd18e45a85552c0fe876112d08769fa9c86b845a

    • SSDEEP

      3072:FXoHtP4UwV+D0+irj4zBHkVMRckilLvlNwKCC:qHyUwVPX6hkVOcZfzCC

    Score
    1/10

    • Target

      QQPhotoDrawUpdateSvr.exe

    • Size

      475KB

    • MD5

      3a28d2e788b3a2aa2b159cbe87a41a5e

    • SHA1

      f2525cb3dd708c9c8f13a28951ac583ca6ebcb05

    • SHA256

      fe5f8f5d25c3889449de2e709bedd408d24bec46d3fa1a488745c4d79c988fab

    • SHA512

      e35b2126a230edd752e4eef93a8bc441068d817826f15f006e2c87c765e60c9694c30ec84c66d2c2f526fa3d8b0f90b2f5e4a10e80ecbfc6b4fb40ae4e37bcfb

    • SSDEEP

      6144:c3sPbRwlW0Yc6fXjTEBNuIbFOXkYmge0+hV+h:c3sPbRC6kaIAXkGkVk

    Score
    10/10

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Target

      curllib.dll

    • Size

      33KB

    • MD5

      8b93812bde3ebbb526bc4005f530625a

    • SHA1

      6024513b704a4ecd310f344837e344f1ed8d3cdb

    • SHA256

      504f7602a6d39219ea11a7bd4a718acd63cba08171e4f0f8c692e6c30ce5c82f

    • SHA512

      ebd2fd7adb96d49492ef2e1665a0dda1c6ad129cdd60e6a33824e81e2f7cba029d903255c982499162989be492e9319f6b2eb84c07ae821605e9589d7c8d014a

    • SSDEEP

      384:Lim8UXDdgtKTn/aXhMzOj1YeWX+JihwWJlUKU+lnu6EDHSuItjj1XoNCfyhJ:LiXyaR6O1dgBhlYGnTEDSJfyr

    Score
    1/10
