General

  • Target

    1.zip

  • Size

    178KB

  • Sample

    230308-zjfk4afh41

  • MD5

    03f26e0d4c481b27eaf276963337311c

  • SHA1

    854b995c2508960f93fdff419a955ac72844e78b

  • SHA256

    9f94021d4e3b56b43a8be387f933db96d3f204601b9d3137559b3ae944650edb

  • SHA512

    6effe344370843091a2d060b6b18d3024023249fea0cec017523d9430e06e067fbbef5ad9b7f1b9712236980ff4f73bc0322064eedbbb37cc3216aacc4956e97

  • SSDEEP

    3072:ENOkf7P32G6nFAuWOfD3IDPcVXvp6xuTA+DQEALq+mYo7VQ0xBexnewAKHCfGID:ENOkfCxFAFyI4Fp4/+D69md7KTxnewfm

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      DNS-port traffic to servers other than the configured DNS servers was detected.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks