plugx | a0b1b2960c06849e66e36c739829d409d03870e400d6402f438e80741cb2ef34 | Triage

Sharing

General

Target

aa.rar
Size

191KB
Sample

240426-r2ht6sdg43
MD5

1f5da599ec39b53f38093acb1d77d8e4
SHA1

f2c6a5094baed51cb35151271394bd208226fc6d
SHA256

a0b1b2960c06849e66e36c739829d409d03870e400d6402f438e80741cb2ef34
SHA512

e9e21285bca2156b6320a60a4d2de1e67ac266e4483663b8bb47569b357ff8e287149f5dbe6b0fe88d3ed898f96ce12e3394378e684722ddee9cc1d930237a0c
SSDEEP

3072:QFkxQpxPrp85bdiA7OW6QyxrWHONGmLnSxMs8a2HOeAtz3z0a4Gn8:Qf7sEA7Odhx1fat2ub7T/n8

Score

10^/10

plugx persistence trojan

Malware Config

Extracted

Family

plugx

C2

45.251.240.55:443

45.251.240.55:8080

45.251.240.55:8000

Mutex

EDysZYTmoiuUydWatmWb

Attributes

folder
AAM UpdatesHtA

Targets

- Target
  
  aa.rar
- Size
  
  191KB
- MD5
  
  1f5da599ec39b53f38093acb1d77d8e4
- SHA1
  
  f2c6a5094baed51cb35151271394bd208226fc6d
- SHA256
  
  a0b1b2960c06849e66e36c739829d409d03870e400d6402f438e80741cb2ef34
- SHA512
  
  e9e21285bca2156b6320a60a4d2de1e67ac266e4483663b8bb47569b357ff8e287149f5dbe6b0fe88d3ed898f96ce12e3394378e684722ddee9cc1d930237a0c
- SSDEEP
  
  3072:QFkxQpxPrp85bdiA7OW6QyxrWHONGmLnSxMs8a2HOeAtz3z0a4Gn8:Qf7sEA7Odhx1fat2ub7T/n8
Score

10^/10

plugx persistence trojan
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

plugxpersistencetrojan