plugx

General

Target

PlugX.zip
Size

708KB
Sample

231119-ddyntsge92
MD5

eeb04e18280b5027f1c299f3b1780961
SHA1

4361de0fb7aa2a1f15acd4396a7e1e3a34ff4fc2
SHA256

02cb95700440b100604ece78649b2ef41b2b7ea8ff68afbb02a01148a3f7c106
SHA512

14ad36c1de37272156ed8ab8939c516aca2ab884a206cc372c79253298157d2152df79623ac6f79deee6948665ff7f7376a6776ccee4c8c065fef5eeff858e35
SSDEEP

12288:Iaryqj09i0K3hqGRkyRZ2QSuB38ERqtxS9g2GZb0RJs89F+/dClI3PavIiCVU:vNPOGPLPx8E0xSK2mb0n9F+8lIYIdK

Score

10^/10

plugx trojan

Malware Config

Targets

- Target
  
  5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_
- Size
  
  507KB
- MD5
  
  5f9f8ac1f749b0637eca6ef15910bf21
- SHA1
  
  dae74fc73f98b3b9b6fd094ae512b71e499e3eb5
- SHA256
  
  593e4acae0c1e2a708cf986adfd0f4e59ec356c1031a97a65a87404943da94ff
- SHA512
  
  6b54f42a83797f332146a9c46a2ec48bc1f00bdfde6f2ff4254ec337a7f6e46d4105ee6f9bf487929323df97f3d633ce2ccbb15866d46482fc1aeaebe14b9d08
- SSDEEP
  
  96:TAy6k2M3jwlgNqvoMhx4FAcx4AmGLGQSrWWWuHMIkJMbRVPkMJbxjz8MwKz:srM3jwK8vIfxDqQSfhkJmPkMxw
Score

1^/10
behavioral1
- Target
  
  6B97B3CD2FCFB4B74985143230441463_Gadget.exe_
- Size
  
  25KB
- MD5
  
  6b97b3cd2fcfb4b74985143230441463
- SHA1
  
  8985c2394ed9a58c36f907962b0724fe66c204a6
- SHA256
  
  5c859ca16583d660449fb044677c128a9cdedd603d9598d4670235c52e359bf9
- SHA512
  
  736631b2ca37426c3915f496d5c3abdac23ffa91bd90fd8b215be2ad8735403ff9d58d1effe6791fa34a72141a5218f19808c0c4ece4100a525adbdeea4c1715
- SSDEEP
  
  192:HULB0P1oynsSW42fyu335/wJirNmL/8Qpkqs1Iu55+ebCfN54U6Gn:0Fa1GwK3mirILu1vPbCzvn
Score

1^/10
behavioral2
- Target
  
  901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll_
- Size
  
  41KB
- MD5
  
  901fa02ffd43de5b2d7c8c6b8c2f6a43
- SHA1
  
  8bb71adf1c418061510c40240852c3cd61fb214c
- SHA256
  
  3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679
- SHA512
  
  6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab
- SSDEEP
  
  768:fQ+il+psGX0QEohGEVZ/E2G7k14rQMRkoIQ:fxiYVjE4VZ/ZWRkoI
Score

1^/10
behavioral3
- Target
  
  C116CD083284CC599C024C3479CA9B70_2.tmp_
- Size
  
  225KB
- MD5
  
  c116cd083284cc599c024c3479ca9b70
- SHA1
  
  bf831962162a0446454e3e32d764cc0e5daafde0
- SHA256
  
  90a5c1c5dc2278063478fbc8f2ac072ccf0489d7b3f81a6ed35b7d712b4b7b84
- SHA512
  
  d89ac7d971e46ee67f6857a71d3712205d28170320386a83d9cdbda97d270626cf2a0e91e0b866d368c65eb3e47766c20c07a2baeb51feb3fe7b8d98d848e560
- SSDEEP
  
  3072:hb2V38tdLIKbEN2HSKjZNPH4cGHk51Kk+u5arueqFl8sLbxDZxWRko5V:hbvkKgN8/RH4hHk5gUUYFl8UmT
Score

10^/10

plugx trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral4
- Target
  
  PlugX_3C74A85C2CF883BD9D4B9F8B9746030F_DW20.dll_
- Size
  
  228KB
- MD5
  
  3c74a85c2cf883bd9d4b9f8b9746030f
- SHA1
  
  40541a03e910b21df681bec69cfe59678ebba86c
- SHA256
  
  66bca3f92841b7bffae4d27c3ddb5adbf8084ad40ee0edda1edc1d25f5e1b967
- SHA512
  
  15ab0c68e1dc8f5dc87231942f008228fe658ce221efe0ba90dfbfedea7e9cf401cac37098674a1d7cd489c97d061b847f09b86c24453575e2d46d4d9326e29c
- SSDEEP
  
  3072:Y3Bb2V38tdLIKbEN2HSKjZNPH4cGHk51Kk+u5arueqFl8sLbxDZxWRko5V:YRbvkKgN8/RH4hHk5gUUYFl8UmT
Score

10^/10

plugx trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral5
- Target
  
  originalfile/PlugX_RTF_dropper_42fba80f105aa53dfbf50aeba2d73cae
- Size
  
  507KB
- MD5
  
  42fba80f105aa53dfbf50aeba2d73cae
- SHA1
  
  a49b135a66afba5713936d4758ca5d40f19b9e71
- SHA256
  
  ac7d02465d0b1992809e16aaae2cd779470a99e0860c4d8a2785d97ce988667b
- SHA512
  
  b42b529585da21bae4d36fb1e9b5f2471e77d87505db91f8859068816d355fdd8b4aaaa922512a8a39259b247b9aeaeba92cfb0ab5140122f83dd163b8ed00cf
- SSDEEP
  
  6144:h5LReC+jODUJ6aCujPjtNbShm6YNYa2Zg3:h5o3jOU6aCCtw8p
Score

1^/10
behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

4

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Detects PlugX payload

Deletes itself

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Detects PlugX payload

PlugX

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6