Overview

overview

10

Static

static

3

81d2be1565...a9.exe

windows7-x64

10

81d2be1565...a9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81d2be1565c05f77e829e1296d17d9456ae672459e4283315cdd0dfae01626a9

  • Size

    430KB

  • Sample

    240410-pfc1pafc45

  • MD5

    aeb38328ffe5bd3bf5766a8fad075d08

  • SHA1

    cf96c505059f6c384833250bf813f23d8fc6458f

  • SHA256

    81d2be1565c05f77e829e1296d17d9456ae672459e4283315cdd0dfae01626a9

  • SHA512

    87f3b91a974af59179a483eddc519388aa02634ec586028850cdea4dad749b93ba072208cb94fed81ccd704cec55b309725e91ff96302957c939a5571777a582

  • SSDEEP

    6144:hsxanyfX5k7JlJDlABKUtfU/WQcb5KRsHWFveHKJaR28qlnGekSFKv5mmW4M3Fn:y0nyfXuIBDtfuM2iSG6KYmkB

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      81d2be1565c05f77e829e1296d17d9456ae672459e4283315cdd0dfae01626a9

    • Size

      430KB

    • MD5

      aeb38328ffe5bd3bf5766a8fad075d08

    • SHA1

      cf96c505059f6c384833250bf813f23d8fc6458f

    • SHA256

      81d2be1565c05f77e829e1296d17d9456ae672459e4283315cdd0dfae01626a9

    • SHA512

      87f3b91a974af59179a483eddc519388aa02634ec586028850cdea4dad749b93ba072208cb94fed81ccd704cec55b309725e91ff96302957c939a5571777a582

    • SSDEEP

      6144:hsxanyfX5k7JlJDlABKUtfU/WQcb5KRsHWFveHKJaR28qlnGekSFKv5mmW4M3Fn:y0nyfXuIBDtfuM2iSG6KYmkB

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks