Overview

overview

10

Static

static

3

客户端/...ab.dll

windows7-x64

1

客户端/...ab.dll

windows10-2004-x64

3

客户端/...ro.dll

windows7-x64

1

客户端/...ro.dll

windows10-2004-x64

1

客户端/...��.exe

windows7-x64

10

客户端/...��.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ebfc2b62ea889cf96c4eb0b649672c6b713ad163fd5818c2f46a9b5726dd80fb

  • Size

    620KB

  • Sample

    240410-r5jwmsbf76

  • MD5

    89607e6cabc4cc4e2ae5dd3647543c23

  • SHA1

    b7fbb70a982dfc116301b4a3965b35d64982d3c4

  • SHA256

    ebfc2b62ea889cf96c4eb0b649672c6b713ad163fd5818c2f46a9b5726dd80fb

  • SHA512

    a379ba1922752a250cb32d1d1d20334c547ab4bf5fc49e9587113c4b34c89a048235c1e0c419500df5bbf33d1e97d47bccb37b298cfd3e1b027117f01f758f7b

  • SSDEEP

    12288:6sTgLUkRM/wBpoopsB7nkBeY3wZHOBoNbHw3sHgd9WbgO3N/IXS6+5pa:6e6W/DxnkBx30OCVHk8Z35IXq5pa

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      客户端/20201108/D3DX81ab.dll

    • Size

      673KB

    • MD5

      4d27c761c43f1f4094005889efd968eb

    • SHA1

      3900a153f894dda7a8b23984b20d87b3ae6b01ab

    • SHA256

      7afd418750824969fd6d0c6db949456998f792c97d6a69669051e1c90a458a5b

    • SHA512

      5a173e16fec3555da024555c3b8ca3c95667b6f6e2286c8ab83a63a70b614effe01c7332a9f518ceb9cc6754295bbfc3fffb93e7e6ca36050a4e3a38ac48dc2e

    • SSDEEP

      12288:g905yeX+DrR+wK/7OQQFICi7hrevXUdqzA/hz29FoVIJoLyq06:g9kOPi/ajFICi7EMdqzAB+cAo

    Score
    3/10
    behavioral1behavioral2

    • Target

      客户端/20201108/libcro.dll

    • Size

      74KB

    • MD5

      eb21f4f06f900c89519ccf17a0ead35b

    • SHA1

      ad30037f31f910ece2ba79fa30e55128d63059e6

    • SHA256

      618e38e0e5ccdefbd4bc4987f60c40f1c2f733c2441ed2026d1530910d7196bd

    • SHA512

      dd58edad7fdd0e8f352805f75bff7bfda1b016f0815b8df68b9947e456b47f140fc470dbf9ec37adc724601c27ca7276ba88bdc62573b44167bcd12c19cc482a

    • SSDEEP

      1536:TW4k95Lkeu4BImLAEgioTc8AJsWjcd53aI/n5K:TWn5IyVGF53nc

    Score
    1/10
    behavioral3behavioral4

    • Target

      客户端/20201108/管理程序.exe

    • Size

      427KB

    • MD5

      04d96003c2fc885a648028b50c4b0ed0

    • SHA1

      6dbcc75a74ef43a275ba90246279ece264dc7a4f

    • SHA256

      ab6f2d57c89435f667a4edc72635188aee2c559c6c0b6c6272cdf18ac44c1fe1

    • SHA512

      d99a8b7f97a0cdafeef07e6bc6469275f762331f4a5ecf701114ff30d2c3571befa29e47376197d164be3b2e63628bbb6e6e659c54e4e34b98a19a51900c8dbf

    • SSDEEP

      12288:/Qfw5psvke4qfscp4s9fUqlXUOJyTpeaknLzZo/vo058:/QoVe4qfsM4s6hFpeakpoj8

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks