Overview

overview

10

Static

static

3

354fed4072...79.exe

windows7-x64

10

354fed4072...79.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    354fed4072f0c12b9a7e40f48feb32c043481d0a87fbff599ce36fd2e323d379

  • Size

    697KB

  • Sample

    240410-mcdfyafb91

  • MD5

    3523aba425931e1afbe4864ae714beb1

  • SHA1

    38e49f28a2f36eb1346eec18083c6a6b3e7ab4d7

  • SHA256

    354fed4072f0c12b9a7e40f48feb32c043481d0a87fbff599ce36fd2e323d379

  • SHA512

    973a8a551c38d7efc5f3d21ae0d34b053f8330cec858814d06384b9a7bc12ef1e97fb3d4ce0bd638ab79e0c1f297af61a430c5f1ab81666127abd8d331c069dc

  • SSDEEP

    12288:YUomEFRu3xEPE6WB0G+tUfeyr0AgMw3GPWyf50YiYjnpYzQxANbx6t5:YmOMSPE6xGMVy47Iv5036YzQgd+5

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      354fed4072f0c12b9a7e40f48feb32c043481d0a87fbff599ce36fd2e323d379

    • Size

      697KB

    • MD5

      3523aba425931e1afbe4864ae714beb1

    • SHA1

      38e49f28a2f36eb1346eec18083c6a6b3e7ab4d7

    • SHA256

      354fed4072f0c12b9a7e40f48feb32c043481d0a87fbff599ce36fd2e323d379

    • SHA512

      973a8a551c38d7efc5f3d21ae0d34b053f8330cec858814d06384b9a7bc12ef1e97fb3d4ce0bd638ab79e0c1f297af61a430c5f1ab81666127abd8d331c069dc

    • SSDEEP

      12288:YUomEFRu3xEPE6WB0G+tUfeyr0AgMw3GPWyf50YiYjnpYzQxANbx6t5:YmOMSPE6xGMVy47Iv5036YzQgd+5

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks