Overview

overview

10

Static

static

3

PS/RsTray.exe

windows7-x64

10

PS/RsTray.exe

windows10-2004-x64

10

PS/comserv.dll

windows7-x64

1

PS/comserv.dll

windows10-2004-x64

1

PS/comserv.dll.url

windows7-x64

1

PS/comserv.dll.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PS.zip

  • Size

    197KB

  • Sample

    240607-jyx6paeb69

  • MD5

    f2d018a4fb8c8a9e313c61fb1617c344

  • SHA1

    8c912cbb3dc1f9c8909fded0cf14d99032be58ad

  • SHA256

    0187a11496437b76b2401bc6136432547b6bcdaca30f2b7d16e4d39f47d5c3ee

  • SHA512

    7a9d0bb3dff3fd37588a0bd97b37cbbe87615175f6c43afacbcd5ff52a94099c8b9f6e1325eda794b990f58c2825afe988d79e95f5eac35763de585a3302964a

  • SSDEEP

    6144:HcS3At/seLE2q7yteF8zlOPkrwa2xx/08g/zIXIPQ9:H/3gif2teFGOcrEVgLUIPC

Score
10/10
plugxtrojan

Malware Config

Targets

    • Target

      PS/RsTray.exe

    • Size

      174KB

    • MD5

      d65adc7ad95e88fab486707b8c228f17

    • SHA1

      dfa0589b58a469e34695a22313d184e5352a3282

    • SHA256

      a3674fef407c354e911a8a6c7d4b991802c47cf6409d6dc32dc84be6312159e2

    • SHA512

      3c9114610dfc107adec6a6220356607c737499866eba965985bb1f6b9aedbfae529a5432abb8307ce0653580fab9c2580c66d96ef4cdb4319a0fde5ad3c3ac01

    • SSDEEP

      3072:wq1/mmpPCL8OZwevvCRmvUGmeU1hbFZJslQLRzMaZ:wUmqCL8Oj3XZm5jNLRzVZ

    Score
    10/10
    plugxtrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      PS/comserv.dll

    • Size

      2KB

    • MD5

      6d54b4f07a1b92bd6fafe7160b2c887c

    • SHA1

      6bf4a36e729a2c4156b1280db97252ba8ea7d9b4

    • SHA256

      653fe0ab7b634e50ba09f962c6357bcf76ce633768aa41dd01d1a93ef83a0a54

    • SHA512

      32c57ca7ce437fc7712948a6f30733112830ff570d89ca903e5a5bdec43277a19a453df8c027e0835ad1dff2f7927cf973e33efa1847ed608cb6eb534d8163a3

    Score
    1/10
    behavioral3behavioral4

    • Target

      PS/comserv.dll.url

    • Size

      122KB

    • MD5

      fe14ef97d52c1c4f4764c36b76f18340

    • SHA1

      60a931c6607ffe7dabdce33151f7d217b7581175

    • SHA256

      d8c68c81908ca0b31a773cf78bc59b9d886ba72177b2b4f5a1d9ea46b95ce05e

    • SHA512

      390366a82817d8e841084744cd879bd7be6ce1dff85e26e9fe4739b709c17718c4e836f2f543c1d84f47096230e2d9dbc6dab6c597acc8ae802c43b1d4ae7f0d

    • SSDEEP

      3072:eBnOmvZ8umI/EOKv8Lunlsq7yTxeP5oG8zlOPkiwfA:0D/sCLEiq7yleV8zlOPkiwI

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks