General
-
Target
ff9add51335bd66c0b204bf060a92d4b_JaffaCakes118
-
Size
222KB
-
Sample
240421-s1wv3sef9s
-
MD5
ff9add51335bd66c0b204bf060a92d4b
-
SHA1
6c991a643755725a48b34fc2a552ffd48ecddfee
-
SHA256
61468e3775e2171c306d339dfd7a117405c13b4462399e8e286c3e86b8e1d3d9
-
SHA512
5a517f5423c737187ff71b9c26dd8a20ebc0ab87a88f28785b64ece016103251b0142be9c68e1672e13462f0d53e3f3cdfcc400ac35f29e50ebe17bd67074dd2
-
SSDEEP
3072:gB2/NrEldVcgsiBwd2Je4eNdojgeABdfBAPb+yEgINjcwAC8OC+z8Qnl:9eqrOwd2pGSjFAf5A6dgI1cwI+zL
Malware Config
Targets
-
-
Target
ff9add51335bd66c0b204bf060a92d4b_JaffaCakes118
-
Size
222KB
-
MD5
ff9add51335bd66c0b204bf060a92d4b
-
SHA1
6c991a643755725a48b34fc2a552ffd48ecddfee
-
SHA256
61468e3775e2171c306d339dfd7a117405c13b4462399e8e286c3e86b8e1d3d9
-
SHA512
5a517f5423c737187ff71b9c26dd8a20ebc0ab87a88f28785b64ece016103251b0142be9c68e1672e13462f0d53e3f3cdfcc400ac35f29e50ebe17bd67074dd2
-
SSDEEP
3072:gB2/NrEldVcgsiBwd2Je4eNdojgeABdfBAPb+yEgINjcwAC8OC+z8Qnl:9eqrOwd2pGSjFAf5A6dgI1cwI+zL
Score10/10-
Detects PlugX payload
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops file in System32 directory
-