General

  • Target

    AsComDtSvc.rar

  • Size

    42.2MB

  • Sample

    240218-tm77mace34

  • MD5

    27c54ebca327e21912d2c8ddf2d4c932

  • SHA1

    e8b2fefce84d8915d1df27d211f0906b2a2551aa

  • SHA256

    28dc274e4f75b88e22a58a0672e4abaf15f9660f939dbd49a8db443a7e8891a6

  • SHA512

    4f39ffc94c5f1a896717f569ad7e2382decdd11d75f8fc114df905e38bc91f9eb4aaecfe977006c0118fc1f25ede55fcaaac33e8bb01b31d595cdc15788bb376

  • SSDEEP

    786432:Pfea9IU6TwogytbsVcfGf6VHvz/fv0vL0PUBRpydEwUBZYQkXiDys7rE:PfeaqU6EvknPW9Nubs7g

Score
10/10

Malware Config

Targets

    • Target

      ATKEX.dll

    • Size

      53KB

    • MD5

      ed5b3b3a04e3ccc8ddc41e0691c6af38

    • SHA1

      7ab5dc0750fa4d5953bf45b9de4b5261458b69fa

    • SHA256

      9b0f2a4833461caabd4d44c53c31b719c80b7f44a92cff5c0fb01d83f7fa43cb

    • SHA512

      ae89fa6db3ba270e0ba1cae0d0457441500dfc78a50a40b7d3a2e3fae99529690e3aaa05c8821115a0a4e41197a4a650a2a8b25f92fbcb50eed7a639119cd8ad

    • SSDEEP

      768:G8HLbpnzrRiu5m+e8a0LrvGhvkkQCHyunDEDhcvS2nzmcSSSSw:G8rbpnzrdm+eiLjKvkKS4rJzTSSSSw

    Score
    1/10

    • Target

      TraceIndexer.exe

    • Size

      457KB

    • MD5

      07321f91bad9653b4fa737e5c993de90

    • SHA1

      9b0e7f445739825816e970205fe92adf7d3e1fc8

    • SHA256

      c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

    • SHA512

      c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

    • SSDEEP

      12288:RDodb27n+xNHL9mk39q8AwbtTtR9zi1mxrQYAA0jkYu6h82hE2ha:2d27nQNHL9mk39q8AwJRxrJEjk/MBhnU

    Score
    10/10

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the DNS servers configured on the host was detected.

    • Deletes itself
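
The "Unexpected DNS network traffic destination" signature above is a simple allowlist check: any flow to port 53 whose destination is not one of the host's configured resolvers is suspicious. The following is an added example of that logic, not code from the sandbox or from this report; the resolver addresses and the flow records in it are constructed for illustration.

```python
"""Detect DNS-port traffic to hosts other than the configured resolvers.

Added example: the resolver list and the flow records below are constructed
for illustration and are not taken from the sandbox report.
"""
from collections import Counter
import ipaddress

# Hypothetical resolvers the monitored host is configured to use.
CONFIGURED_DNS = {"10.0.0.2", "10.0.0.3"}
DNS_PORT = 53

# Constructed flow records, one per line: "src sport dst dport proto".
SAMPLE_FLOWS = """\
10.0.0.15 51234 10.0.0.2 53 udp
10.0.0.15 51235 203.0.113.7 53 udp
10.0.0.15 51236 203.0.113.7 53 udp
10.0.0.15 51237 203.0.113.7 443 tcp
10.0.0.15 51238 198.51.100.9 53 tcp
10.0.0.15 51239 10.0.0.3 53 udp
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        src, sport, dst, dport, proto = parts
        try:
            flows.append({
                # ip_address() both validates and normalises the textual form.
                "src": str(ipaddress.ip_address(src)),
                "sport": int(sport),
                "dst": str(ipaddress.ip_address(dst)),
                "dport": int(dport),
                "proto": proto.lower(),
            })
        except ValueError:
            continue
    return flows


def unexpected_dns_destinations(flows, configured=CONFIGURED_DNS):
    """Return {dst: flow_count} for port-53 flows whose destination is not a
    configured resolver. Both UDP and TCP are counted: DNS over TCP is
    legitimate for large answers, and also used for tunnelling."""
    allowed = {str(ipaddress.ip_address(ip)) for ip in configured}
    hits = Counter()
    for flow in flows:
        if flow["dport"] == DNS_PORT and flow["dst"] not in allowed:
            hits[flow["dst"]] += 1
    return dict(hits)


if __name__ == "__main__":
    for dst, n in unexpected_dns_destinations(parse_flows(SAMPLE_FLOWS)).items():
        print(f"port-53 traffic to non-configured server {dst}: {n} flow(s)")
```

The check only sees classic port-53 traffic; resolvers reached over DoH (443) or DoT (853) are invisible to it, and hosts that legitimately use hard-coded public resolvers will trip it, so the allowlist has to reflect the environment's real resolver configuration rather than only what DHCP handed out.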

MITRE ATT&CK Enterprise v15

Tasks