Overview

overview

10

Static

static

3

7d0ff5125a...0f.exe

windows7-x64

10

7d0ff5125a...0f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7d0ff5125ace6fc49103c71fdab7f430c20741ce36b54e0379c71a6841962e0f

  • Size

    554KB

  • Sample

    240410-pa79msac3s

  • MD5

    9310477537d5d7c92bc711547a4c9621

  • SHA1

    5b90d064de8955cf26ac9c1e59a60c106871aa79

  • SHA256

    7d0ff5125ace6fc49103c71fdab7f430c20741ce36b54e0379c71a6841962e0f

  • SHA512

    31b3367c2736e4549bfe7a7511c76ced47f14faf2200439e973f1b7c96dacb90412bad4bf3467e9d8e2b3b38367a674075360940d5749a5e697bb92e4ecd5707

  • SSDEEP

    12288:YUomEFRu3xEPE6HuRurMRFs7hm7p0fdINC//TZSIy:YmOMSPE6ORIMPT0fdIkHTZSR

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      7d0ff5125ace6fc49103c71fdab7f430c20741ce36b54e0379c71a6841962e0f

    • Size

      554KB

    • MD5

      9310477537d5d7c92bc711547a4c9621

    • SHA1

      5b90d064de8955cf26ac9c1e59a60c106871aa79

    • SHA256

      7d0ff5125ace6fc49103c71fdab7f430c20741ce36b54e0379c71a6841962e0f

    • SHA512

      31b3367c2736e4549bfe7a7511c76ced47f14faf2200439e973f1b7c96dacb90412bad4bf3467e9d8e2b3b38367a674075360940d5749a5e697bb92e4ecd5707

    • SSDEEP

      12288:YUomEFRu3xEPE6HuRurMRFs7hm7p0fdINC//TZSIy:YmOMSPE6ORIMPT0fdIkHTZSR

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks