plugx | 07bd1745baa33c6abb773c13fb4c65aa35b18b21d7e514af3bf5fd20cd97e500 | Triage

Submit
Reports

Overview

overview

Static

static

1

LDPlayer9_...ld.exe

windows7-x64

LDPlayer9_...ld.exe

windows10-2004-x64

1

Sharing

General

Target

LDPlayer9_ens_com.termux_75962714_ld.exe
Size

2.9MB
Sample

230506-qmnlfahc98
MD5

79170cdc94a59fd6e174bd56d8ccadcb
SHA1

c3e8aa07bfb7625194def68231b4db42ca3d6610
SHA256

07bd1745baa33c6abb773c13fb4c65aa35b18b21d7e514af3bf5fd20cd97e500
SHA512

7eb94acbf573a7528709197c96d7edaebce05d1f9aebb5a5992b4fb8c6b88e4cd4c9a4edd1f030362832860da992282476a13dcdb1cb8ca51065df7804a8afc3
SSDEEP

49152:mi/fEwEHpp4/PrRw1SYFjAbDiY+UjwxxtG8N9Hm:mi/8wEHpW/Pa1BF8+QwxKj

Score

10^/10

plugx redline discovery exploit infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

LDPlayer9_ens_com.termux_75962714_ld.exe

Resource

win7-20230220-en

plugx redline discovery exploit infostealer persistence trojan

windows7-x64

30 signatures

150 seconds

Behavioral task

behavioral2

Sample

LDPlayer9_ens_com.termux_75962714_ld.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  LDPlayer9_ens_com.termux_75962714_ld.exe
- Size
  
  2.9MB
- MD5
  
  79170cdc94a59fd6e174bd56d8ccadcb
- SHA1
  
  c3e8aa07bfb7625194def68231b4db42ca3d6610
- SHA256
  
  07bd1745baa33c6abb773c13fb4c65aa35b18b21d7e514af3bf5fd20cd97e500
- SHA512
  
  7eb94acbf573a7528709197c96d7edaebce05d1f9aebb5a5992b4fb8c6b88e4cd4c9a4edd1f030362832860da992282476a13dcdb1cb8ca51065df7804a8afc3
- SSDEEP
  
  49152:mi/fEwEHpp4/PrRw1SYFjAbDiY+UjwxxtG8N9Hm:mi/8wEHpW/Pa1BF8+QwxKj
Score

10^/10

plugx redline discovery exploit infostealer persistence trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

File Permissions Modification

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

plugxredlinediscoveryexploitinfostealerpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy