plugx | fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f | Triage

Submit
Reports

Overview

overview

Static

static

3

fc1e2a0ed2...9f.exe

windows7-x64

fc1e2a0ed2...9f.exe

windows10-2004-x64

Sharing

General

Target

fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f
Size

616KB
Sample

240410-sgpmnafd5v
MD5

adc1463af9514ac48cd963385f08c40f
SHA1

5d5d0c94473b30234efc9915ee67db7accc02c5d
SHA256

fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f
SHA512

076d9e8523a56e90553aca20a736c3d72e11f4189ba6686ccc9b08e6830df25b3ffb58457d55eb36a2257c7704113fd7e6f9899cb1b8a0859ac00cd43b94c567
SSDEEP

12288:YUomEFRu3xEPE69cRgjq7Vv87gZCf5mKtKX6jtXM6DlZ2NBYBPhzMqDxnnID:YmOMSPE6KRkq7fXRiXXlZ2NByPiqFnS

Score

10^/10

plugx trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f.exe

Resource

win7-20231129-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f
- Size
  
  616KB
- MD5
  
  adc1463af9514ac48cd963385f08c40f
- SHA1
  
  5d5d0c94473b30234efc9915ee67db7accc02c5d
- SHA256
  
  fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f
- SHA512
  
  076d9e8523a56e90553aca20a736c3d72e11f4189ba6686ccc9b08e6830df25b3ffb58457d55eb36a2257c7704113fd7e6f9899cb1b8a0859ac00cd43b94c567
- SSDEEP
  
  12288:YUomEFRu3xEPE69cRgjq7Vv87gZCf5mKtKX6jtXM6DlZ2NBYBPhzMqDxnnID:YmOMSPE6KRkq7fXRiXXlZ2NByPiqFnS
Score

10^/10

plugx trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy