plugx | 3f5c2045c0cdaab917b612ac86706d904912415c2485ec5801edf74a3a485154 | Triage

Submit
Reports

Overview

overview

Static

static

3

PS/RsTray.exe

windows7-x64

PS/RsTray.exe

windows10-2004-x64

PS/comserv.dll

windows7-x64

3

PS/comserv.dll

windows10-2004-x64

3

PS/comserv.dll.url

windows7-x64

1

PS/comserv.dll.url

windows10-2004-x64

1

Sharing

General

Target

PS.zip
Size

195KB
Sample

240912-kazkaazapj
MD5

a6d67b9097669be50617a16bdc54222e
SHA1

4e73f91a9503494891a833ce53b8c673e551272b
SHA256

3f5c2045c0cdaab917b612ac86706d904912415c2485ec5801edf74a3a485154
SHA512

207024fce247d55ccc7bd9e87086d521fcd650b5a46707a2b9e5fc86779ac0d32d9be2d00a5c1b1c1cca480188cc7a6060a2496c709dc5991a685e6060c50665
SSDEEP

6144:lJS3Pf/sUN3Kabq7yRa8zlOPk7wAoZO+lhGOrS3lRpgj:633rVKa22RaGOc7eVryMj

Score

10^/10

plugx discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PS/RsTray.exe

Resource

win7-20240903-en

plugx discovery trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

PS/RsTray.exe

Resource

win10v2004-20240802-en

plugx discovery trojan

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral3

Sample

PS/comserv.dll

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

PS/comserv.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral5

Sample

PS/comserv.dll.url

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

PS/comserv.dll.url

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  PS/RsTray.exe
- Size
  
  174KB
- MD5
  
  d65adc7ad95e88fab486707b8c228f17
- SHA1
  
  dfa0589b58a469e34695a22313d184e5352a3282
- SHA256
  
  a3674fef407c354e911a8a6c7d4b991802c47cf6409d6dc32dc84be6312159e2
- SHA512
  
  3c9114610dfc107adec6a6220356607c737499866eba965985bb1f6b9aedbfae529a5432abb8307ce0653580fab9c2580c66d96ef4cdb4319a0fde5ad3c3ac01
- SSDEEP
  
  3072:wq1/mmpPCL8OZwevvCRmvUGmeU1hbFZJslQLRzMaZ:wUmqCL8Oj3XZm5jNLRzVZ
Score

10^/10

plugx discovery trojan
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  PS/comserv.dll
- Size
  
  2KB
- MD5
  
  6d54b4f07a1b92bd6fafe7160b2c887c
- SHA1
  
  6bf4a36e729a2c4156b1280db97252ba8ea7d9b4
- SHA256
  
  653fe0ab7b634e50ba09f962c6357bcf76ce633768aa41dd01d1a93ef83a0a54
- SHA512
  
  32c57ca7ce437fc7712948a6f30733112830ff570d89ca903e5a5bdec43277a19a453df8c027e0835ad1dff2f7927cf973e33efa1847ed608cb6eb534d8163a3
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  PS/comserv.dll.url
- Size
  
  122KB
- MD5
  
  fe14ef97d52c1c4f4764c36b76f18340
- SHA1
  
  60a931c6607ffe7dabdce33151f7d217b7581175
- SHA256
  
  d8c68c81908ca0b31a773cf78bc59b9d886ba72177b2b4f5a1d9ea46b95ce05e
- SHA512
  
  390366a82817d8e841084744cd879bd7be6ce1dff85e26e9fe4739b709c17718c4e836f2f543c1d84f47096230e2d9dbc6dab6c597acc8ae802c43b1d4ae7f0d
- SSDEEP
  
  3072:eBnOmvZ8umI/EOKv8Lunlsq7yTxeP5oG8zlOPkiwfA:0D/sCLEiq7yleV8zlOPkiwI
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

plugxdiscoverytrojan

behavioral2

plugxdiscoverytrojan

behavioral3

behavioral4

behavioral5

behavioral6

© 2018-2024

Terms | Privacy