plugx | 7eae5cef9f7990ee8f749c2ee2d3d93027bcd4c9ad9896e641786e18009e2ad8 | Triage

Submit
Reports

Overview

overview

Static

static

3

7eae5cef9f...d8.exe

windows7-x64

7eae5cef9f...d8.exe

windows10-2004-x64

Sharing

General

Target

7eae5cef9f7990ee8f749c2ee2d3d93027bcd4c9ad9896e641786e18009e2ad8
Size

680KB
Sample

240207-nnqfbagbb5
MD5

2f1356cb77747b11a41902001be47d03
SHA1

b580948628efa035b39beb2a132d025ba3306a34
SHA256

7eae5cef9f7990ee8f749c2ee2d3d93027bcd4c9ad9896e641786e18009e2ad8
SHA512

9cbbdc58fc69c6bdbdf455fd86615a127e694d8571715d4aaad2e8a9cf1dbc1e6d22c29be3ebd8f192d9b2d1a4c094e121ffa554e198b9e6acc9a46c3c497d8c
SSDEEP

12288:uubsNSOetfARQAPyGU2X+tZ/mH2xd8eEOLBc64cry3rqiWaA3HG:uubsnafAPyjt/hxd8jCBr1ubiakm

Score

10^/10

plugx trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7eae5cef9f7990ee8f749c2ee2d3d93027bcd4c9ad9896e641786e18009e2ad8.exe

Resource

win7-20231215-en

plugx trojan vmprotect

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

7eae5cef9f7990ee8f749c2ee2d3d93027bcd4c9ad9896e641786e18009e2ad8.exe

Resource

win10v2004-20231215-en

plugx trojan vmprotect

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7eae5cef9f7990ee8f749c2ee2d3d93027bcd4c9ad9896e641786e18009e2ad8
- Size
  
  680KB
- MD5
  
  2f1356cb77747b11a41902001be47d03
- SHA1
  
  b580948628efa035b39beb2a132d025ba3306a34
- SHA256
  
  7eae5cef9f7990ee8f749c2ee2d3d93027bcd4c9ad9896e641786e18009e2ad8
- SHA512
  
  9cbbdc58fc69c6bdbdf455fd86615a127e694d8571715d4aaad2e8a9cf1dbc1e6d22c29be3ebd8f192d9b2d1a4c094e121ffa554e198b9e6acc9a46c3c497d8c
- SSDEEP
  
  12288:uubsNSOetfARQAPyGU2X+tZ/mH2xd8eEOLBc64cry3rqiWaA3HG:uubsnafAPyjt/hxd8jCBr1ubiakm
Score

10^/10

plugx trojan vmprotect
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

plugxtrojanvmprotect

behavioral2

plugxtrojanvmprotect

© 2018-2024

Terms | Privacy