General

  • Target: 5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6

  • Size: 484KB

  • Sample: 230222-ma4kcaag64

  • MD5: 709303e2cf9511139fbb950538bac769

  • SHA1: 56653a3433982b35f5c2506adaf4412dd4f34925

  • SHA256: 5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6

  • SHA512: 8e8243a6d6c8a703bdab7e2c2a3d6439de6ae72fc3de1ba9f90a8081143c81220c8ec01b36d02eb86fb5f04334bc5d5b1080b504f70a3cf72f766c5d4079d136

  • SSDEEP: 12288:DGHCnaomAEg3uPdkgOX+tZdxRvPlrbKu+E1Kur1tsPTtEn:DGHCm8uPdJFd7PBbKutvr1ts7o

Score
10/10

Malware Config

Targets

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry: 2 (T1012)

    • System Information Discovery: 3 (T1082)