General
-
Target
81d2be1565c05f77e829e1296d17d9456ae672459e4283315cdd0dfae01626a9
-
Size
430KB
-
Sample
240410-pfc1pafc45
-
MD5
aeb38328ffe5bd3bf5766a8fad075d08
-
SHA1
cf96c505059f6c384833250bf813f23d8fc6458f
-
SHA256
81d2be1565c05f77e829e1296d17d9456ae672459e4283315cdd0dfae01626a9
-
SHA512
87f3b91a974af59179a483eddc519388aa02634ec586028850cdea4dad749b93ba072208cb94fed81ccd704cec55b309725e91ff96302957c939a5571777a582
-
SSDEEP
6144:hsxanyfX5k7JlJDlABKUtfU/WQcb5KRsHWFveHKJaR28qlnGekSFKv5mmW4M3Fn:y0nyfXuIBDtfuM2iSG6KYmkB
Malware Config
Targets
-
-
Target
81d2be1565c05f77e829e1296d17d9456ae672459e4283315cdd0dfae01626a9
-
Size
430KB
-
MD5
aeb38328ffe5bd3bf5766a8fad075d08
-
SHA1
cf96c505059f6c384833250bf813f23d8fc6458f
-
SHA256
81d2be1565c05f77e829e1296d17d9456ae672459e4283315cdd0dfae01626a9
-
SHA512
87f3b91a974af59179a483eddc519388aa02634ec586028850cdea4dad749b93ba072208cb94fed81ccd704cec55b309725e91ff96302957c939a5571777a582
-
SSDEEP
6144:hsxanyfX5k7JlJDlABKUtfU/WQcb5KRsHWFveHKJaR28qlnGekSFKv5mmW4M3Fn:y0nyfXuIBDtfuM2iSG6KYmkB
Score10/10-
Detects PlugX payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-