General
-
Target
5ead238621bef7cc4c4f58ac5eb614dd16acbcfd30c75169ff5f16d7905243a5
-
Size
491KB
-
Sample
240410-nc6yxsdf87
-
MD5
e7f3d45d4e51176150f58d4b885e01e4
-
SHA1
f8141b3f21e3f9f354eb960b841050cc2aabe03d
-
SHA256
5ead238621bef7cc4c4f58ac5eb614dd16acbcfd30c75169ff5f16d7905243a5
-
SHA512
63e87fc692ded07fc5f304813cc046ec8ac45958ca2254f1064e4cae0e03d4db4d4c6b5373f69b8b5075286d2206e10b30b05dad61cc15e64e18795d1d707174
-
SSDEEP
12288:ZGqN/XdctpVtkYoAcoDDpY1sbF7A0Lxjulj/:PNcBtkjAcoMs5kUylj/
Malware Config
Targets
-
-
Target
5ead238621bef7cc4c4f58ac5eb614dd16acbcfd30c75169ff5f16d7905243a5
-
Size
491KB
-
MD5
e7f3d45d4e51176150f58d4b885e01e4
-
SHA1
f8141b3f21e3f9f354eb960b841050cc2aabe03d
-
SHA256
5ead238621bef7cc4c4f58ac5eb614dd16acbcfd30c75169ff5f16d7905243a5
-
SHA512
63e87fc692ded07fc5f304813cc046ec8ac45958ca2254f1064e4cae0e03d4db4d4c6b5373f69b8b5075286d2206e10b30b05dad61cc15e64e18795d1d707174
-
SSDEEP
12288:ZGqN/XdctpVtkYoAcoDDpY1sbF7A0Lxjulj/:PNcBtkjAcoMs5kUylj/
Score10/10-
Detects PlugX payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-