General

  • Target

    Injected_LoadExe_Malware.zip

  • Size

    386KB

  • Sample

    240320-sm7qesbe48

  • MD5

    915dc668d03b446038477916ff183871

  • SHA1

    3803f5967482679491908aca3e7486105c744936

  • SHA256

    3244606c4d740afa7a0c8f5e89a99c9ed8940103213451e23c1d9af3c89e3f75

  • SHA512

    f592d95d0e3cee01e006e1c3dd83455b32abf18d76d7689a5d2b508a8eb285191605c33da2391519ea24bf52c080c0d3a03c36b1974ea074ad1f1140d073e66b

  • SSDEEP

    6144:veDOgAZ7Xq1XkTb5EP608f3ZkjGar0WPgSmdUnywP8vga5sl/b+Gsdf8JyKmkEJh:WDQZ4XkK60bG80CkqZl/aGCxVW1O1

  • Score

    10/10

Malware Config

Targets

    • Target

      Injected_LoadExe_Malware.bin

    • Size

      428KB

    • MD5

      7f7f7f4694f450ed2a0c4ada853a37ca

    • SHA1

      3ed531540d781153b51afd253c8eb4c2d1f62deb

    • SHA256

      ed7a16bc643d74cd6a15ec9dcc8872e6a30b28b2ce012bd6f6ed6bfa75a61881

    • SHA512

      988da1646e17d33e270e5e898e09504aa770d00fb2164e0d49ee6bc7ba3d7fbb915616ea7b0ed5dc9ba4089fe91fc667da37636d1e02c9a0199a20e54885df6c

    • SSDEEP

      12288:+K2mhAMJ/cPlFBUVbCwc7FFaQyG4NvIX/gsXyssKR:v2O/GlFBsCwwFwb+Fs0

    • Score

      10/10

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks