General

  • Target

    t.zip

  • Size

    264KB

  • Sample

    230215-rcqhqaca67

  • MD5

    3c3458fa987a02e8828ba3be85ecfb25

  • SHA1

    8644748ea6189430b334bf6816e5ba01ea2c74de

  • SHA256

    721ff308a706259c674adbd7c1606f5d5636674dc372ab739f1224e0be06184a

  • SHA512

    e642de12271a7d69c4ddbfe5f960831d7ab65d0ed20b68bd810d25777817a945f06a67aca067734b900b4da9fc6237d7a9fce880bce2b3387c561bd5367ce1f3

  • SSDEEP

    6144:/OZ9JTnmx8HSipHM7sQVNHaBcjjPPy/kAWB6C9ogmWrmSjOGAHaEhen:mZ9J6xVlVNHOKDPKkAKogvrQGgaEy

Score
10/10

Malware Config

Targets

    • Target

      t/SmadHook32.dll

    • Size

      70KB

    • MD5

      e1ed9b48016d43398cdf62a61c9b113d

    • SHA1

      b8e7183fba57ca867393ea4edf62fe60d1549c94

    • SHA256

      2e0b20fd34c70ec0566cb6e0852520fbab9452e3cb7aad8299ae841ac71733cf

    • SHA512

      4b5fd58c0d6a59d710d80f0bec216ba19d9e52c1516d799a991995bd7a9f6e45667f924ef7b7320773881d521a1059bb8a2686e1324ed8083c10ca68e1f48714

    • SSDEEP

      1536:24Hd4iaPI1/zhAP6YtnogaDc8zvsWjcdS78a:czw1/zeMzQSX

    Score
    1/10

    • Target

      t/Smadav.dat

    • Size

      153KB

    • MD5

      98f963bae9fd59ab4d50d9e275471ec6

    • SHA1

      95c7b1eda105bf690cce854b53b9a308f82fc525

    • SHA256

      a59724904c4bf6bfbf182e0235ede0109b65649b5d9f95acdb627610820eba37

    • SHA512

      da3311197834a90cebc3d25dd1056717ca7c7d68e30328280b091fdfa2a41598fd3f09854a15c5d0cec939f21b044bab96c8ea28ba53e6c280c945fb31c892ab

    • SSDEEP

      3072:f0mx8ZZ7SipHMyQtjR7qQRStGNHHVzvkFtyqc/rx3PPy/gNOTWlBuZqAcT:cmx8HSipHMXdsQVNHuBcjJPPy/kAWMxc

    Score
    3/10

    • Target

      t/Smadav.exe

    • Size

      77KB

    • MD5

      b830cd1b49bd31bcdb6192c20cf0b141

    • SHA1

      b9629fdd735956772e9a3ceedcdb829bba6f8a43

    • SHA256

      21d34a02ec28e9bd6f7b2f96ac7921f5ef08d291416b38a3fc8cf651f11fc820

    • SHA512

      0ffef5b2681e57d3586b878bbf174a667423cd30e75a7f4ef60910922b2f9e3e02af309a7c3f15b70a42b747445513df43ce651dcb85bec7b94bfed6a7704ccd

    • SSDEEP

      1536:NF81hiRzGLSNegJYJoUP8MXTi9Xtr835XoR66E:NFsGGLalYJoDDx835XoRe

    Score
    10/10

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      t/setupres.dll

    • Size

      75KB

    • MD5

      f1f9e9bd62292768f433c4f894eadb58

    • SHA1

      835aac8aa29b747cd90d44b9fef5683bf0f1f6d9

    • SHA256

      7863ad82f7e1c036e48e928433932177a14670033028b42f44dafeacb40a86a9

    • SHA512

      e59b908e54d162abc2aa2d814b71d1ff62a4d2105d2f22df8e8371b760111de30ca6e4f77e14ccbc2ec49eba3ff1013d023edb9f72c89bada17eaf4558ca669c

    • SSDEEP

      1536:71z1GbzJ50O6ZTVATfXqKtyoR5Lc+CQYsWjcdx6my+F:7tUvyAXqSdo6

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery (T1082): 1

Tasks