General

  • Target

    45c944889a482ae2e0e0a8e260c3be737cb612c8804164badef61e8a8713b92f

  • Size

    187KB

  • Sample

    240410-mr23vacg79

  • MD5

    89d025b55f7e4ffd942bbbe177dc7840

  • SHA1

    2bbd1c11ddb32555f704640395568599bb2d31b0

  • SHA256

    45c944889a482ae2e0e0a8e260c3be737cb612c8804164badef61e8a8713b92f

  • SHA512

    92be745159f062bb1a336bb4c3eea5a2b9a53a8d5134bf624b932bf410c145e27b4b9aaedd3326bd76a97ba56cdc1552dd85952cc889de6fef51206deabc20ba

  • SSDEEP

    3072:osc0lGgJJtaJXdlVVnXSRRABY3GNCQA1tRnB/rnWADLNBd61H3f9SWvJyLN1DLFm:o/0JJJtaJXdlVVnCXuCXtRnB/SAViHsi

Score
10/10

Malware Config

Targets

    • Target

      RasTls.dll

    • Size

      3KB

    • MD5

      d5915394a6916a00c426aa2827d97c0e

    • SHA1

      50064d66c9b55b6f7d22051b81914d8366fe36c8

    • SHA256

      6cd5079a69d9a68029e37f2680f44b7ba71c2b1eecf4894c2a8b293d5f768f10

    • SHA512

      56aa607a5a1bf095b017fd23a1007795f4bdd3a5a5efe571f7c74b7a4e37fb88f3031c26b5189e9f67328222b3dda621a7379da5341bfa95e25605b703ea6373

    Score
    3/10

    • Target

      RasTls.exe

    • Size

      105KB

    • MD5

      62944e26b36b1dcace429ae26ba66164

    • SHA1

      2616da1697f7c764ee7fb558887a6a3279861fac

    • SHA256

      f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68

    • SHA512

      e3c366044ac0b4df834b2f05d900cad01bc55b39028984ed3486aa2522e8c226bf9a81952da2c7e4bf0bc2c322d10fe58329e787238bb710a137827927b48d7c

    • SSDEEP

      1536:To0lZUH+MeI1M04n45PFmsMfgiqf5YXneJ07soW8VD5cN:TOw4jYgiqf5yh7sl8VF

    Score
    10/10

    • Detects Talisman variant of PlugX

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053), 1

  • Persistence

    Scheduled Task/Job (T1053), 1

  • Privilege Escalation

    Scheduled Task/Job (T1053), 1

Tasks