Overview

overview

10

Static

static

1

图片2023...md.exe

windows7-x64

10

图片2023...md.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    图片20233155168jpg.cmd.malz

  • Size

    602KB

  • Sample

    230316-d9a8eagg43

  • MD5

    50e0dc8b208f29699d895388d2441cc0

  • SHA1

    be4376a162f4f1a00da2124645e55301e641c440

  • SHA256

    59c99ff6fe40a2d811eeebd5c63f5ddf96107a890cd6c4b41821adbcf97f9204

  • SHA512

    8c29774e16686417fe6a552dfecb9ce2ee8d138c916f7f13b78dd974a10847b68f6fbb2452ab6a579e621ef66a47dda16b4ff8cc6d6a96bfcb1eff27bef4e1aa

  • SSDEEP

    12288:DGHCnaomAEg3uPdkgOX+tZdxJsq1al2NyCGtN/NazPT46om5vGq:DGHCm8uPdJFdzakYBNazxoq

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      图片20233155168jpg.cmd.malz

    • Size

      602KB

    • MD5

      50e0dc8b208f29699d895388d2441cc0

    • SHA1

      be4376a162f4f1a00da2124645e55301e641c440

    • SHA256

      59c99ff6fe40a2d811eeebd5c63f5ddf96107a890cd6c4b41821adbcf97f9204

    • SHA512

      8c29774e16686417fe6a552dfecb9ce2ee8d138c916f7f13b78dd974a10847b68f6fbb2452ab6a579e621ef66a47dda16b4ff8cc6d6a96bfcb1eff27bef4e1aa

    • SSDEEP

      12288:DGHCnaomAEg3uPdkgOX+tZdxJsq1al2NyCGtN/NazPT46om5vGq:DGHCm8uPdJFdzakYBNazxoq

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks