plugx | bc1c02ee6e4d533847e586205284c7cc4d69909b2bd9c6781c92c766384405f2 | Triage

Submit
Reports

Overview

overview

Static

static

3

d3ae29e371...18.exe

windows7-x64

d3ae29e371...18.exe

windows10-2004-x64

Sharing

General

Target

d3ae29e3719d5fd68d31bf3c4d9eac30_JaffaCakes118
Size

252KB
Sample

240908-gf8hlazelp
MD5

d3ae29e3719d5fd68d31bf3c4d9eac30
SHA1

8739e0f1800b0a89c48e400bd36a705c39bf1c4d
SHA256

bc1c02ee6e4d533847e586205284c7cc4d69909b2bd9c6781c92c766384405f2
SHA512

db2cb32a5dd1fbb061e1755a48b1b9b1c35ba01a2405e5f26f5afb4f0ead8ccee3f001e6d8178e134ac65eb7b5b2eed064c978ef0fd72188805eefa8245130bf
SSDEEP

6144:Qkp72oN2xBsSc6HHLHEKrNhKb1prrTYJR/zMCZf:QkX+sgHLEKphKb1pnYb

Score

10^/10

plugx discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d3ae29e3719d5fd68d31bf3c4d9eac30_JaffaCakes118.exe

Resource

win7-20240903-en

plugx discovery persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3ae29e3719d5fd68d31bf3c4d9eac30_JaffaCakes118.exe

Resource

win10v2004-20240802-en

plugx discovery persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3ae29e3719d5fd68d31bf3c4d9eac30_JaffaCakes118
- Size
  
  252KB
- MD5
  
  d3ae29e3719d5fd68d31bf3c4d9eac30
- SHA1
  
  8739e0f1800b0a89c48e400bd36a705c39bf1c4d
- SHA256
  
  bc1c02ee6e4d533847e586205284c7cc4d69909b2bd9c6781c92c766384405f2
- SHA512
  
  db2cb32a5dd1fbb061e1755a48b1b9b1c35ba01a2405e5f26f5afb4f0ead8ccee3f001e6d8178e134ac65eb7b5b2eed064c978ef0fd72188805eefa8245130bf
- SSDEEP
  
  6144:Qkp72oN2xBsSc6HHLHEKrNhKb1prrTYJR/zMCZf:QkX+sgHLEKphKb1pnYb
Score

10^/10

plugx discovery persistence trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

plugxdiscoverypersistencetrojan

behavioral2

plugxdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy