General

  • Target

    Plex-1.88.1.96-c1c59fc1-x86_64.exe

  • Size

    177.5MB

  • Sample

    240311-wav3msbg69

  • MD5

    8d9e10e53dd1f3debca287124be7c262

  • SHA1

    840b298d54219611efd41177389526c115c909c9

  • SHA256

    0f697e9cca3455c8e54b7b049b4e9632115634615f38e43ddbeb781d978354db

  • SHA512

    6e69d4d105236d711b7a6d03c80b68b3bcad7aa2082ef85c30b9e5beb9917d8eeb94841a12cf1178637ce6d00a1fe8f46d34fc21f283a1ccabcd280f1206dda2

  • SSDEEP

    3145728:7UVuPbCpw3jGP1ppoA4VgL5yHv4v/KXqD/z4GEsskH3zL7B+Si9Ara5:gAPFjm1sJW4Hvy/US89yU

Score
5/10

Targets

    • Target

      Plex-1.88.1.96-c1c59fc1-x86_64.exe

    • Size

      177.5MB

    Score
    5/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      web-client/translations/fr-CA.json

    • Size

      243KB

    • MD5

      c10cca4a8d329051baec753502ad3be2

    • SHA1

      af6328c7628d6772ec9fd09f8b2ab3b81bdf7da9

    • SHA256

      f85b7b26d7b3a1c88906ebda7c36f584c562bf048608fb32e597467ea21c75f9

    • SHA512

      c4e81a4ddb9ca1940826436c4ad2a7e7d536277ad264bc15b0403fe78216842d9893506429e48196f3d88ff4c8e10b015f6ca41abbfecfcc476bd9cf4b9d1c1e

    • SSDEEP

      3072:dlgqCCLebiG1pHGD85hfcBozvxARhwwztAJCRjdE9goppkH0vDCVgO3OeyKxY0Hi:w+852x66YWUcfoXi31opKaAYmbNd7Q

    Score
    3/10
    • Target

      web-client/translations/fr.json

    • Size

      240KB

    • MD5

      635ac93533ef3574fbfb8d4f91435e4a

    • SHA1

      e346d36769f40217991bfae8095311fb7a2deb0a

    • SHA256

      0caa5d00f88c1e2e189406a8621ebdcddc55031c58cc93a66ddcd92cdc989122

    • SHA512

      45e16c6a4807c4a86136aef88c4ed2a9054fabd727a80280dcab927e2a93d45d4db2b94f372c4dcaddb583ace100a808be5e71477827b1546011571def239eef

    • SSDEEP

      3072:iUoEIaUzyKHdFZv75aBc/qzvXA2wyWGdfJ0ulOdk2g4ptmERz2VoFQilXKOrvH6j:+d753v+Cso1pLlACHDopKJAvQg2y7N

    Score
    3/10
    • Target

      web-client/translations/he.json

    • Size

      242KB

    • MD5

      ec38722a0b42e53fb82115a5f37cfa64

    • SHA1

      f56956227ff9ab316d538f88172d4ff0cd71536c

    • SHA256

      3cb9978ac7f40b8973585bf0aa3cc18afba0f578118e21bfb9082a651add30ab

    • SHA512

      02af1f52a9ad54d95768e966d4d8481b4eacc4a8110fbb107a8ca5c817e92d1ebb5f73c941aa7cf3d547ddd3b2ecd7fe0d331885e3f026e0c15b03e90ed60d99

    • SSDEEP

      6144:LRqYjbvxi1BswKOkCp5sgBCxPhxxYrSwv5rMmZUBk7Olrwf:LRqYjbvxi1BswKOkCpygBCxPhP0Swv5j

    Score
    3/10
    • Target

      web-client/translations/hr.json

    • Size

      111KB

    • MD5

      6cc56280fc8a1b952bc1940ce522c80c

    • SHA1

      bae76ed798d0df6162bfc9e4332e3e5c0350ce89

    • SHA256

      a4d0a59b342c96c098c0360585ae533048a03d4d96986175e8872f634c12b244

    • SHA512

      dc8517064391b80350111161e9927752379903518a8657c9cd8f11bf57d3a4a3f2cd28d178bddf6c93c07bc60971ba6a0d64f2f9ac5622508d769e8e1aad2dbf

    • SSDEEP

      3072:nTLRK032Vj7Onfe15Gn+OOV/Brf/DWsBVhZtKx135J6FMNhlw3+lBvYa:Hk6e15G0NftAZw3+73

    Score
    3/10
    • Target

      web-client/translations/hu.json

    • Size

      238KB

    • MD5

      66a3d1ac29ca8124e008986eeab30a74

    • SHA1

      11eee80e60d41a1d35755eda7d42f8f1b4a927f9

    • SHA256

      e432e5f6d764d80e3775f45c0a8b1b79b6ab59ba5709ee8af15ce12eefd2b8e1

    • SHA512

      8b219d4732339ce8f2e5c190ffc663b040e7efc4b7906ac4016114b880c3ac2a3eaeba2ff4d5ed62ed38d9e9a64c96d52a93fdf210f279005b36370d4f057285

    • SSDEEP

      3072:DpSjMhhaTWuTygBeF9X8ThJ3D17PceGK5H/5ewSFyDEXOxFPOCSzgpl/Wfr8jIn2:cMhUZBg2I51HPZhZaT0xuUKUG2If

    Score
    3/10
    • Target

      web-client/translations/is.json

    • Size

      45KB

    • MD5

      018131f654bc456870314351c63ac1f5

    • SHA1

      303a8e90a82b310fd456aa49b24aa00e48c168d1

    • SHA256

      bb71c4b1fc04eb15c599cc50d7124c13f78a1bef45ef72d68fff3982ed87e355

    • SHA512

      b6a2bd2c2f9583078c1a5aca8497d78b6d69dcc42551dda95896ff731607af641fefa91bc48f24c997b1451e0bd31b820fef9c0cb0c953451b73ed6113207446

    • SSDEEP

      768:hfeZmxrxJuav6L8szc3KECFatTmDsIQQCLW5slOwizkEZ6h:hxxJuaKJMIatTmDsIQQCL8WOw9EZq

    Score
    3/10
    • Target

      web-client/translations/it.json

    • Size

      225KB

    • MD5

      10e43d161d3c530ec39aac980fd6cffd

    • SHA1

      18f93b8e7a4a36aa5e34ffe84e2e5d2f26a0a385

    • SHA256

      272b294c704e340e1d19571120979c7782132ecab067d3e163a3d93e6fa7a685

    • SHA512

      cc832fe518817877e79fe6031f759e2550a59000b14e3e48c242a6b6e0fe56399adf9199d01b1ad0d92ff73846012121ead281c11e19f8924e80b3472dab59e4

    • SSDEEP

      6144:vr1PPFcu0I8I7StEC15sFyWk9ExyICMUC+hgwnRHmwJjZADxt3LG+a/2nMeh/THF:phkRVolX

    Score
    3/10
    • Target

      web-client/translations/ja.json

    • Size

      265KB

    • MD5

      45ac73de77ed72d77c3aa72971fd5ab8

    • SHA1

      87796c847bde498f2ead76be33bfe58ae9b27c33

    • SHA256

      3f794ff939bb1f8c772f9115922130bfbb657cf22dc1fb7f5f69edc6f04a5643

    • SHA512

      e1d0384f5f35f4d995c2dc8e5390fc8e657349c97ba0d7f5b796e1216a35e58c037f9cd116a83c81ccbd7e52cfa25803b90d2270f88bdfd0427009ce383c56f3

    • SSDEEP

      3072:YqawR0v4IsSAJj6P5nCIL0ddEUkl7xeAYb4Kw4o5xKphWl7/iuHDnUPjLqpNpldR:LAuuiEic

    Score
    3/10
    • Target

      web-client/translations/ko.json

    • Size

      188KB

    • MD5

      cce543c80b9cb8d6ad769d8448857e1d

    • SHA1

      d944c5ea39183241d938bd50a7b9b073fb7d3e0b

    • SHA256

      a82ea5f8820b0226fbf22c2a7e54d341013e38bd35442d2c38cab679f5fa83c0

    • SHA512

      f9096415c7fe4893a7fae79b26efdd3819b5135e0a4d0e127368017b6e64a070d56792ac570030e067e111739b8f9a4f071634d4cdb076f539a10b0c19e5c966

    • SSDEEP

      3072:kz/pBqmWnu9uUrDDUJck36qU9gIxJilfb9R8FtABKtI8WAollsQU4Wwfwr5GSrlu:+C7agCYSFHulW4bt

    Score
    3/10
    • Target

      web-client/translations/lt.json

    • Size

      109KB

    • MD5

      26f6fe0f7a077a0a32ccea96c2b820cc

    • SHA1

      5388c7826c9ef4526e50aee33a470b572a35728d

    • SHA256

      20913922b3befd5ba5244fbec3eddce654558a7e11cdeeee931dc7b8c0c04129

    • SHA512

      3a67578b39254d088e559527dd6721b5e6af0453da6d04c678e14de8c59330e1ba9dd9a77f9722b5a3d44a14ab8b32fa7080729cb2424e1640a274b9e6b77af1

    • SSDEEP

      3072:QQJqrvrxw3XH5i7R+jZC/PYDBQIdqLdLVICs:P1aAI9s

    Score
    3/10
    • Target

      web-client/translations/my.json

    • Size

      134KB

    • MD5

      3a2f807a6f660cc02db520afde62814e

    • SHA1

      977f7ace81a96890dc863c233ab14ffdce6e26ba

    • SHA256

      ac0a99152e138f6732411fc48c46774053dcc35f3a8a2fcfc0da2ae531762c6c

    • SHA512

      398c0d04920f09a9fc8cf4972e47d98743df648e5eae31f4fc53fccd1fddcc39464b9d2fa0c2ef62a15127b17c5f78728e8889bebac1469950b8bb985deeb20e

    • SSDEEP

      3072:v18CoLjxCXmoCqVLCVSOwbBZcxg9VtRHx:v18CTp3OwFZcyFx

    Score
    3/10
    • Target

      web-client/translations/nl.json

    • Size

      156KB

    • MD5

      b2da2b14a8ecb765d750c9541d9cc2f6

    • SHA1

      bb053166fa62ca22ab6243b1a091e62b0eba05c7

    • SHA256

      0418742fe9d4c51e52417b215ad6cafa1b9859c2f706bc388c52668c6e84d79e

    • SHA512

      1fa4c40b468f869ac1ca3a3caed277c9825fd7fd29d893c454eb25317a82890c96fccdf73edbe93b6b19a438bb5bec462b7baa295896fead02ccaf7d76e1795b

    • SSDEEP

      3072:wCBo1IRjrvvgVWKR0q6nT6k8gyh0613DAbaOEsasnlU7WLAONDK1d5dKgCGXfRm2:o1IRjDvgIEd1VCGX5sHbq

    Score
    3/10
    • Target

      web-client/translations/no.json

    • Size

      224KB

    • MD5

      50077b0e1bfa4f89ba8685f13df7d3a2

    • SHA1

      1d878d929c4ce51fdaa5f67cda26570e4c0a313a

    • SHA256

      c942e68b5711f88e67d5c58297d5fc5a5beb46d194058af92475d1316fae98bd

    • SHA512

      156a7780588558e10b736f0f6d8a1b9fc8939a09fd1fe77771b5dd12fd810fc44797b2145bb07bb65252ed4e36507ecf4bd400c719914cb7343f2e3c1a8abf09

    • SSDEEP

      3072:YyWQzpmXq5fVB9audJSVCUpOcDyTpEbtO535GQaHGf3uN7h8I9PkX7yVruVx7xKB:hcDcaHOGEVpigCSnUFD8OH6q

    Score
    3/10
    • Target

      web-client/translations/pl.json

    • Size

      229KB

    • MD5

      9ea17fa0857e212627af762da17fa65d

    • SHA1

      3790166e767b6386a7d81c13c24830fa31afc3a8

    • SHA256

      3955bfa051a8aa8e7a4576e2d76839dd867e73076ad5326806bd4b668b2aaa02

    • SHA512

      922e6f350de0db3ccc00c6f72d65145071dd4b6954d832c7d0890029c07d8fbf28be57d846e7457e43342e298316cf28b1c9d480bdc19dc71a26d4f54b708c43

    • SSDEEP

      3072:p3inCqVoZoPVqD0g4bf9S33k5sJklGouUFUnZe4rhcy/NvY0zjha2HYs5DKBTjsh:KXZS331TjYIp4sqTi6YnLgXhyce

    Score
    3/10
    • Target

      web-client/translations/pt-BR.json

    • Size

      232KB

    • MD5

      22bd2d79ad2ccfbaf3d9de20572d847a

    • SHA1

      aabe4984f62c404e89d5880b4da619a35c160d40

    • SHA256

      3358b77fe149fda92a403b2aa60eb61cf461c8255bffb989d9b059668f76a273

    • SHA512

      cdd0b8f136aa97bd6fbb6f66a7174ee59b1669b74e621bb1bdf34d472c262e92e2f3e7b2ab4e0c7fdd09cf4055d1198340791714ff7d52ea95b1b68083e30ac3

    • SSDEEP

      3072:Z+wAE/jofDYUlsnle3W/NAVzb9AKl7ljU9udgOHxQTIjVi9UfJ125ULJTy/9fq5i:oFg1Xn8gVXt

    Score
    3/10
