plugx

General

Target

t.zip
Size

264KB
Sample

230215-rcqhqaca67
MD5

3c3458fa987a02e8828ba3be85ecfb25
SHA1

8644748ea6189430b334bf6816e5ba01ea2c74de
SHA256

721ff308a706259c674adbd7c1606f5d5636674dc372ab739f1224e0be06184a
SHA512

e642de12271a7d69c4ddbfe5f960831d7ab65d0ed20b68bd810d25777817a945f06a67aca067734b900b4da9fc6237d7a9fce880bce2b3387c561bd5367ce1f3
SSDEEP

6144:/OZ9JTnmx8HSipHM7sQVNHaBcjjPPy/kAWB6C9ogmWrmSjOGAHaEhen:mZ9J6xVlVNHOKDPKkAKogvrQGgaEy

Score

10^/10

plugx trojan

Malware Config

Targets

- Target
  
  t/SmadHook32.dll
- Size
  
  70KB
- MD5
  
  e1ed9b48016d43398cdf62a61c9b113d
- SHA1
  
  b8e7183fba57ca867393ea4edf62fe60d1549c94
- SHA256
  
  2e0b20fd34c70ec0566cb6e0852520fbab9452e3cb7aad8299ae841ac71733cf
- SHA512
  
  4b5fd58c0d6a59d710d80f0bec216ba19d9e52c1516d799a991995bd7a9f6e45667f924ef7b7320773881d521a1059bb8a2686e1324ed8083c10ca68e1f48714
- SSDEEP
  
  1536:24Hd4iaPI1/zhAP6YtnogaDc8zvsWjcdS78a:czw1/zeMzQSX
Score

1^/10
behavioral1
- Target
  
  t/Smadav.dat
- Size
  
  153KB
- MD5
  
  98f963bae9fd59ab4d50d9e275471ec6
- SHA1
  
  95c7b1eda105bf690cce854b53b9a308f82fc525
- SHA256
  
  a59724904c4bf6bfbf182e0235ede0109b65649b5d9f95acdb627610820eba37
- SHA512
  
  da3311197834a90cebc3d25dd1056717ca7c7d68e30328280b091fdfa2a41598fd3f09854a15c5d0cec939f21b044bab96c8ea28ba53e6c280c945fb31c892ab
- SSDEEP
  
  3072:f0mx8ZZ7SipHMyQtjR7qQRStGNHHVzvkFtyqc/rx3PPy/gNOTWlBuZqAcT:cmx8HSipHMXdsQVNHuBcjJPPy/kAWMxc
Score

3^/10
behavioral2
- Target
  
  t/Smadav.exe
- Size
  
  77KB
- MD5
  
  b830cd1b49bd31bcdb6192c20cf0b141
- SHA1
  
  b9629fdd735956772e9a3ceedcdb829bba6f8a43
- SHA256
  
  21d34a02ec28e9bd6f7b2f96ac7921f5ef08d291416b38a3fc8cf651f11fc820
- SHA512
  
  0ffef5b2681e57d3586b878bbf174a667423cd30e75a7f4ef60910922b2f9e3e02af309a7c3f15b70a42b747445513df43ce651dcb85bec7b94bfed6a7704ccd
- SSDEEP
  
  1536:NF81hiRzGLSNegJYJoUP8MXTi9Xtr835XoR66E:NFsGGLalYJoDDx835XoRe
Score

10^/10

plugx trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral3
- Target
  
  t/setupres.dll
- Size
  
  75KB
- MD5
  
  f1f9e9bd62292768f433c4f894eadb58
- SHA1
  
  835aac8aa29b747cd90d44b9fef5683bf0f1f6d9
- SHA256
  
  7863ad82f7e1c036e48e928433932177a14670033028b42f44dafeacb40a86a9
- SHA512
  
  e59b908e54d162abc2aa2d814b71d1ff62a4d2105d2f22df8e8371b760111de30ca6e4f77e14ccbc2ec49eba3ff1013d023edb9f72c89bada17eaf4558ca669c
- SSDEEP
  
  1536:71z1GbzJ50O6ZTVATfXqKtyoR5Lc+CQYsWjcdx6my+F:7tUvyAXqSdo6
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects PlugX payload

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4