General

  • Target: CryptSvcser.rar

  • Size: 565KB

  • Sample: 240218-tmaw5ace25

  • MD5: 8e890ab137242043a339446f9ecf1695

  • SHA1: ba9561ae47b0ca404a3052b9f0aabe3060f2b7f4

  • SHA256: 9ff40de5a55aa6b5cf34c61acd52a26f77c6eb5cf1d464e0e651a046227a7b78

  • SHA512: cecbdf582740bb299dbd238a53392433aafa4da3cdba5592cff445e385047de3d71e52324b256b34dbfaafc15605b329b4267048b15abb024b2eaebdcf65f15e

  • SSDEEP: 12288:DnwcgaxRWDaNVnu8QHwVvzUHeFDx3r5hBTOFqhtPcU+oNZW9u8Zm:YwRWDqn5QWYHeP1hp9cU/N09I

Score: 10/10

Malware Config

Targets

    • Target: LZMA.exe

    • Size: 388KB

    • MD5: 89266366e2c712e8b47b2b9ed30d60b7

    • SHA1: a94bb0440fe6c0d7a6c102037561ffbe6203a251

    • SHA256: f7369777a4fee1b2e8282f30dc355c3216e4fdc7018912f2a7444026f9edafd0

    • SHA512: 385916c9bbc9a4d7474bfcc68c4fb281e2f3d6df5c11a114b8646400f8a822a5c945f80de2d8d97547e58971b03bcada2f28fc2f259db07ea1880b3fa68b3d95

    • SSDEEP: 12288:1PzUcyOjaTbV7DWZzZg1iuc30Oy7CxMFr:Vz1y6AbV+qwEr

    Score: 10/10

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Target: expatai.dll

    • Size: 400KB

    • MD5: dd55071ced298687339566cbe9b23c40

    • SHA1: 1b5f760daab97658f7c0f7c28db35f10bde761bb

    • SHA256: ed10a005bbab4385775e5964586bad0c1d267edbf87ce98feb3cc7135877cca1

    • SHA512: ae9753860775be0039463c408e080a2541465562702c2407b46d3ab15dacdae6721325eb60ae72e0b389da2524e6122593a6f9bf42f1c2df5c2cb8463c4026c8

    • SSDEEP: 6144:0iKR+8NAOuiLSswqA5YcgU8IoIkfvvIsAOIjAOktasHaF:U+8TSpqA5Yo1kfvvIsqjM6F

    Score: 1/10

MITRE ATT&CK Matrix

Tasks