Overview

overview

10

Static

static

3

fc1e2a0ed2...9f.exe

windows7-x64

10

fc1e2a0ed2...9f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f

  • Size

    616KB

  • Sample

    240410-sgpmnafd5v

  • MD5

    adc1463af9514ac48cd963385f08c40f

  • SHA1

    5d5d0c94473b30234efc9915ee67db7accc02c5d

  • SHA256

    fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f

  • SHA512

    076d9e8523a56e90553aca20a736c3d72e11f4189ba6686ccc9b08e6830df25b3ffb58457d55eb36a2257c7704113fd7e6f9899cb1b8a0859ac00cd43b94c567

  • SSDEEP

    12288:YUomEFRu3xEPE69cRgjq7Vv87gZCf5mKtKX6jtXM6DlZ2NBYBPhzMqDxnnID:YmOMSPE6KRkq7fXRiXXlZ2NByPiqFnS

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f

    • Size

      616KB

    • MD5

      adc1463af9514ac48cd963385f08c40f

    • SHA1

      5d5d0c94473b30234efc9915ee67db7accc02c5d

    • SHA256

      fc1e2a0ed20ef3cb8a543b65cc0db5d05f5e107a6c43bf6f1c0b581e6167a59f

    • SHA512

      076d9e8523a56e90553aca20a736c3d72e11f4189ba6686ccc9b08e6830df25b3ffb58457d55eb36a2257c7704113fd7e6f9899cb1b8a0859ac00cd43b94c567

    • SSDEEP

      12288:YUomEFRu3xEPE69cRgjq7Vv87gZCf5mKtKX6jtXM6DlZ2NBYBPhzMqDxnnID:YmOMSPE6KRkq7fXRiXXlZ2NByPiqFnS

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks