plugx | 769863ec7ba1e28a77c7cc0bda19bb79e6869cae63ecdfab97c669fc40348a0c | Triage

Sharing

General

Target

d369b0abb477bed3cda7ee99b203d45d
Size

344KB
Sample

240318-nrlljagd4v
MD5

d369b0abb477bed3cda7ee99b203d45d
SHA1

e77c9f4eead9652134c3eb82741bfecdd6a191e0
SHA256

769863ec7ba1e28a77c7cc0bda19bb79e6869cae63ecdfab97c669fc40348a0c
SHA512

257cebd19cc4509bdd9e7a62a0623bd2fffac3554f113707aba187370490b3a741438b0eec18a42fb214467862e48491bc69ba6f1b56549eb5445f73c3252cd5
SSDEEP

6144:VcPsBlXxcupxfbs9Sx7NqRz9In+Ml1vob6dtv4Dr5pT:Vflmupxfa0SodlhoW7v4v5pT

Score

10^/10

plugx persistence trojan

Malware Config

Targets

- Target
  
  d369b0abb477bed3cda7ee99b203d45d
- Size
  
  344KB
- MD5
  
  d369b0abb477bed3cda7ee99b203d45d
- SHA1
  
  e77c9f4eead9652134c3eb82741bfecdd6a191e0
- SHA256
  
  769863ec7ba1e28a77c7cc0bda19bb79e6869cae63ecdfab97c669fc40348a0c
- SHA512
  
  257cebd19cc4509bdd9e7a62a0623bd2fffac3554f113707aba187370490b3a741438b0eec18a42fb214467862e48491bc69ba6f1b56549eb5445f73c3252cd5
- SSDEEP
  
  6144:VcPsBlXxcupxfbs9Sx7NqRz9In+Ml1vob6dtv4Dr5pT:Vflmupxfa0SodlhoW7v4v5pT
Score

10^/10

plugx persistence trojan
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

plugxpersistencetrojan

behavioral2

plugxpersistencetrojan