General

  • Target

    .zip

  • Size

    3.0MB

  • Sample

    240911-gjbm2awemg

  • MD5

    f4daf015246f6a42787dbe3d6dc6b3f9

  • SHA1

    2046f7c8105af96f889cd42281d29c1e3412bd7d

  • SHA256

    729fa433582f3574ce99d37869a6fc0bc8bd56fc5230d7a9d50a4d4699c485f1

  • SHA512

    a21823d02d150a1480b5ac0e95a85890fbe869a95c5910c733bb6f825215d4e0727a104432cf910abdf54165fae332eb839e56ac6d90abadb41e9edef57bf56c

  • SSDEEP

    49152:mczpoHHC9CkKfUBvDD+JpqU4Fz7kos/jPaG2B0FGI5RrBY79yKZmr:mc9DCDyDDmz4ZkD/jJ2dLsr

Score
10/10

Malware Config

Targets

    • Target

      ArainsToolser/arpReport.exe

    • Size

      189KB

    • MD5

      e9d05f7176aab86c6754ba89cb06d768

    • SHA1

      f0e80278eab18ed61dcb473fb42419186fcc8b35

    • SHA256

      6840e6e2a2b4555db025c331b41d426387e8d6397fd5917fad29d3893fb1886f

    • SHA512

      100b1020ac2d67b10d5ff7f7b3423b0706fa0250c90dad9d0155064e52ab6bb2226e8cd9be4ea5e8eba91b91d5f399e82ec166fef0a9fef3cccc35963113fda1

    • SSDEEP

      3072:SJg3FNLpWK6weGrE8tU3xvz0tcK4hYanD9EvQiorztXkF6ODVgCl4LDVXcCSfHR9:SJgVV8K6VGrE8y3CtcKn6yv8zRkDVK5w

    Score
    10/10
    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port (53) to servers other than the sandbox's configured DNS servers was detected.

    • Deletes itself

    • Target

      ArainsToolser/arphadump.dll

    • Size

      7.2MB

    • MD5

      e4ac1288b36eb34ec356012716573a5c

    • SHA1

      dfaf779547b3989d72f75a91dbba20a3a15d4b96

    • SHA256

      9e10d98024db6f6748433918288232cc1e55bea916146729be40dc0e53615393

    • SHA512

      5f6921a62bee16a695215ead02fa10f6ae7ec844c9826a063824487519e03b0c674f6802273f13cb23e1daca2f7e9b9b723359d2b9aa9183821ec1234a334463

    • SSDEEP

      98304:WfGAF3IZQRiTozYnHctd8/YTqOHyjt7ygsOMW6:4uRoznfq1NsM

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks