plugx | 5e579c320fc1aae241e855979bdda63d2f62036eac053780a03e68bc8814293e | Triage

Submit
Reports

Overview

overview

Static

static

1

Dynatrace-...01.exe

windows7-x64

Dynatrace-...01.exe

windows10-2004-x64

Sharing

General

Target

Dynatrace-OneAgent-Windows-1.261.201.exe
Size

112.7MB
Sample

230331-xl721scf32
MD5

e4271f267c3f39e13d58c535edb75a09
SHA1

6bb98a70fae4759da6d0983b375c7be50f626063
SHA256

5e579c320fc1aae241e855979bdda63d2f62036eac053780a03e68bc8814293e
SHA512

3c0434cd5785c279edca2a84f2cd30903e1b120d63ff7785750b1948a79a4ef1aee27dc84088d0a7155102cfe18b41c376a15569d12c16ed16337444f7b0a633
SSDEEP

1572864:p2caw0TIfvBH+9ZA7mh7CMe1JkoHr6uganwVjwFZO7L70RqIcXNMtnMlOpCg/cZs:pdXRvyAqLe1JdoPVmG4RSflQjAww0

Score

10^/10

plugx trojan

Static task

static1

Behavioral task

behavioral1

Sample

Dynatrace-OneAgent-Windows-1.261.201.exe

Resource

win7-20230220-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Dynatrace-OneAgent-Windows-1.261.201.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Dynatrace-OneAgent-Windows-1.261.201.exe
- Size
  
  112.7MB
- MD5
  
  e4271f267c3f39e13d58c535edb75a09
- SHA1
  
  6bb98a70fae4759da6d0983b375c7be50f626063
- SHA256
  
  5e579c320fc1aae241e855979bdda63d2f62036eac053780a03e68bc8814293e
- SHA512
  
  3c0434cd5785c279edca2a84f2cd30903e1b120d63ff7785750b1948a79a4ef1aee27dc84088d0a7155102cfe18b41c376a15569d12c16ed16337444f7b0a633
- SSDEEP
  
  1572864:p2caw0TIfvBH+9ZA7mh7CMe1JkoHr6uganwVjwFZO7L70RqIcXNMtnMlOpCg/cZs:pdXRvyAqLe1JdoPVmG4RSflQjAww0
Score

10^/10

plugx trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Detect jar appended to MSI
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy