Overview

overview

10

Static

static

6

sample3.pdf

windows7-x64

10

sample3.pdf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample3.pdf

  • Size

    603KB

  • Sample

    240403-mphlescc2v

  • MD5

    2b203ff7805a789f64ec614dee2a7e7b

  • SHA1

    dfa47a1bacea6afc7e334a31ad53045338d29ec5

  • SHA256

    a6dbaab6da4004321c979abf0b0270f44f56f793ac47751ccbc2989e258aea24

  • SHA512

    263b79355f8541dabfd26b5e85bdf7e3423bab5081eb3c99131f5dad42cdde6eeed0d00b520bf7400a5ae86883a0270759cfa846ce71832d717ea2ccd2491257

  • SSDEEP

    12288:dGROjjzZ2fNv33w32iaMLavQVXsEAop5tNIBUwlDq7p:GOjjzyNw2qLO6XstECFpq7p

Score
10/10
plugxevasionpdftrojan

Malware Config

Targets

    • Target

      sample3.pdf

    • Size

      603KB

    • MD5

      2b203ff7805a789f64ec614dee2a7e7b

    • SHA1

      dfa47a1bacea6afc7e334a31ad53045338d29ec5

    • SHA256

      a6dbaab6da4004321c979abf0b0270f44f56f793ac47751ccbc2989e258aea24

    • SHA512

      263b79355f8541dabfd26b5e85bdf7e3423bab5081eb3c99131f5dad42cdde6eeed0d00b520bf7400a5ae86883a0270759cfa846ce71832d717ea2ccd2491257

    • SSDEEP

      12288:dGROjjzZ2fNv33w32iaMLavQVXsEAop5tNIBUwlDq7p:GOjjzyNw2qLO6XstECFpq7p

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks