General

  • Target: ArainsToolser.zip
  • Size: 3.0MB
  • Sample: 240911-bysbfaxarf
  • MD5: 279ddeb89a3a6f10b07c4e345a18ff4c
  • SHA1: 4f10c7009f680d0f7254c1beed40de1d2de7c292
  • SHA256: d2727538c887f2f523a637d6385d68b125d60935b4084512fb3e1eba47e70c76
  • SHA512: 66160aa10de569f1c9d6524a83531531c1ca36b00fc3c92e415d99439e7ff57d592f2f67469fba9f7557a4481195cf60ecbf878eaa0aac4a231eb7da8982dbbb
  • SSDEEP: 49152:PczpoHHC9CkKfUBvDD+JpqU4Fz7kos/jPaG2B0FGI5RrBY79yXYma:Pc9DCDyDDmz4ZkD/jJ2dSva

Score
10/10

Malware Config

Targets

    • Target: arpReport.exe
    • Size: 189KB
    • MD5: e9d05f7176aab86c6754ba89cb06d768
    • SHA1: f0e80278eab18ed61dcb473fb42419186fcc8b35
    • SHA256: 6840e6e2a2b4555db025c331b41d426387e8d6397fd5917fad29d3893fb1886f
    • SHA512: 100b1020ac2d67b10d5ff7f7b3423b0706fa0250c90dad9d0155064e52ab6bb2226e8cd9be4ea5e8eba91b91d5f399e82ec166fef0a9fef3cccc35963113fda1
    • SSDEEP: 3072:SJg3FNLpWK6weGrE8tU3xvz0tcK4hYanD9EvQiorztXkF6ODVgCl4LDVXcCSfHR9:SJgVV8K6VGrE8y3CtcKn6yv8zRkDVK5w

    Score
    10/10

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Deletes itself

    • Target: arphadump.dll
    • Size: 7.2MB
    • MD5: e4ac1288b36eb34ec356012716573a5c
    • SHA1: dfaf779547b3989d72f75a91dbba20a3a15d4b96
    • SHA256: 9e10d98024db6f6748433918288232cc1e55bea916146729be40dc0e53615393
    • SHA512: 5f6921a62bee16a695215ead02fa10f6ae7ec844c9826a063824487519e03b0c674f6802273f13cb23e1daca2f7e9b9b723359d2b9aa9183821ec1234a334463
    • SSDEEP: 98304:WfGAF3IZQRiTozYnHctd8/YTqOHyjt7ygsOMW6:4uRoznfq1NsM

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks