plugx | 369e74a8e1f686896f82d92ee2467ca6736bc44b06faab9db9ea6473aef4c397 | Triage

Submit
Reports

Overview

overview

Static

static

3

369e74a8e1...97.exe

windows7-x64

369e74a8e1...97.exe

windows10-2004-x64

Sharing

General

Target

369e74a8e1f686896f82d92ee2467ca6736bc44b06faab9db9ea6473aef4c397
Size

697KB
Sample

240410-mdx7qsfc4z
MD5

48ab8b5189e1fae02258e9e82a964e51
SHA1

1a8dc7545033f3a17cf47b43313ce2fba7a71e78
SHA256

369e74a8e1f686896f82d92ee2467ca6736bc44b06faab9db9ea6473aef4c397
SHA512

0d03ab2dc67d34f1fc922c1b0b4afb213021adf4d8460b2c2d30621362db50cc2f99e3b5755ee4f4a7d358cb73e7eeee71102e91bc0ac932bf86e4900e9e48bf
SSDEEP

12288:YUomEFRu3xEPE6wr0AgMw3GPWyf50YiYjnpYzQxANb3B0G+tUfeI6t5:YmOMSPE6w47Iv5036YzQguGMVI+5

Score

10^/10

plugx trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

369e74a8e1f686896f82d92ee2467ca6736bc44b06faab9db9ea6473aef4c397.exe

Resource

win7-20240221-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

369e74a8e1f686896f82d92ee2467ca6736bc44b06faab9db9ea6473aef4c397.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  369e74a8e1f686896f82d92ee2467ca6736bc44b06faab9db9ea6473aef4c397
- Size
  
  697KB
- MD5
  
  48ab8b5189e1fae02258e9e82a964e51
- SHA1
  
  1a8dc7545033f3a17cf47b43313ce2fba7a71e78
- SHA256
  
  369e74a8e1f686896f82d92ee2467ca6736bc44b06faab9db9ea6473aef4c397
- SHA512
  
  0d03ab2dc67d34f1fc922c1b0b4afb213021adf4d8460b2c2d30621362db50cc2f99e3b5755ee4f4a7d358cb73e7eeee71102e91bc0ac932bf86e4900e9e48bf
- SSDEEP
  
  12288:YUomEFRu3xEPE6wr0AgMw3GPWyf50YiYjnpYzQxANb3B0G+tUfeI6t5:YmOMSPE6w47Iv5036YzQguGMVI+5
Score

10^/10

plugx trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy