Overview

overview

10

Static

static

3

5F9F8AC1F7...D_.doc

windows7-x64

4

5F9F8AC1F7...D_.doc

windows10-2004-x64

1

6B97B3CD2F...et.exe

windows7-x64

1

6B97B3CD2F...et.exe

windows10-2004-x64

3

901FA02FFD...ar.dll

windows7-x64

3

901FA02FFD...ar.dll

windows10-2004-x64

3

C116CD0832..._2.exe

windows7-x64

10

C116CD0832..._2.exe

windows10-2004-x64

10

PlugX_3C74...20.dll

windows7-x64

10

PlugX_3C74...20.dll

windows10-2004-x64

10

originalfi...ae.rtf

windows7-x64

4

originalfi...ae.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eeb04e18280b5027f1c299f3b1780961_JaffaCakes118

  • Size

    708KB

  • Sample

    240920-31bv1svgna

  • MD5

    eeb04e18280b5027f1c299f3b1780961

  • SHA1

    4361de0fb7aa2a1f15acd4396a7e1e3a34ff4fc2

  • SHA256

    02cb95700440b100604ece78649b2ef41b2b7ea8ff68afbb02a01148a3f7c106

  • SHA512

    14ad36c1de37272156ed8ab8939c516aca2ab884a206cc372c79253298157d2152df79623ac6f79deee6948665ff7f7376a6776ccee4c8c065fef5eeff858e35

  • SSDEEP

    12288:Iaryqj09i0K3hqGRkyRZ2QSuB38ERqtxS9g2GZb0RJs89F+/dClI3PavIiCVU:vNPOGPLPx8E0xSK2mb0n9F+8lIYIdK

Score
10/10
plugxdiscoverytrojan

Malware Config

Targets

    • Target

      5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_

    • Size

      507KB

    • MD5

      5f9f8ac1f749b0637eca6ef15910bf21

    • SHA1

      dae74fc73f98b3b9b6fd094ae512b71e499e3eb5

    • SHA256

      593e4acae0c1e2a708cf986adfd0f4e59ec356c1031a97a65a87404943da94ff

    • SHA512

      6b54f42a83797f332146a9c46a2ec48bc1f00bdfde6f2ff4254ec337a7f6e46d4105ee6f9bf487929323df97f3d633ce2ccbb15866d46482fc1aeaebe14b9d08

    • SSDEEP

      96:TAy6k2M3jwlgNqvoMhx4FAcx4AmGLGQSrWWWuHMIkJMbRVPkMJbxjz8MwKz:srM3jwK8vIfxDqQSfhkJmPkMxw

    Score
    4/10
    discovery
    behavioral1behavioral2

    • Target

      6B97B3CD2FCFB4B74985143230441463_Gadget.exe_

    • Size

      25KB

    • MD5

      6b97b3cd2fcfb4b74985143230441463

    • SHA1

      8985c2394ed9a58c36f907962b0724fe66c204a6

    • SHA256

      5c859ca16583d660449fb044677c128a9cdedd603d9598d4670235c52e359bf9

    • SHA512

      736631b2ca37426c3915f496d5c3abdac23ffa91bd90fd8b215be2ad8735403ff9d58d1effe6791fa34a72141a5218f19808c0c4ece4100a525adbdeea4c1715

    • SSDEEP

      192:HULB0P1oynsSW42fyu335/wJirNmL/8Qpkqs1Iu55+ebCfN54U6Gn:0Fa1GwK3mirILu1vPbCzvn

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll_

    • Size

      41KB

    • MD5

      901fa02ffd43de5b2d7c8c6b8c2f6a43

    • SHA1

      8bb71adf1c418061510c40240852c3cd61fb214c

    • SHA256

      3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679

    • SHA512

      6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab

    • SSDEEP

      768:fQ+il+psGX0QEohGEVZ/E2G7k14rQMRkoIQ:fxiYVjE4VZ/ZWRkoI

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      C116CD083284CC599C024C3479CA9B70_2.tmp_

    • Size

      225KB

    • MD5

      c116cd083284cc599c024c3479ca9b70

    • SHA1

      bf831962162a0446454e3e32d764cc0e5daafde0

    • SHA256

      90a5c1c5dc2278063478fbc8f2ac072ccf0489d7b3f81a6ed35b7d712b4b7b84

    • SHA512

      d89ac7d971e46ee67f6857a71d3712205d28170320386a83d9cdbda97d270626cf2a0e91e0b866d368c65eb3e47766c20c07a2baeb51feb3fe7b8d98d848e560

    • SSDEEP

      3072:hb2V38tdLIKbEN2HSKjZNPH4cGHk51Kk+u5arueqFl8sLbxDZxWRko5V:hbvkKgN8/RH4hHk5gUUYFl8UmT

    Score
    10/10
    plugxdiscoverytrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral7behavioral8

    • Target

      PlugX_3C74A85C2CF883BD9D4B9F8B9746030F_DW20.dll_

    • Size

      228KB

    • MD5

      3c74a85c2cf883bd9d4b9f8b9746030f

    • SHA1

      40541a03e910b21df681bec69cfe59678ebba86c

    • SHA256

      66bca3f92841b7bffae4d27c3ddb5adbf8084ad40ee0edda1edc1d25f5e1b967

    • SHA512

      15ab0c68e1dc8f5dc87231942f008228fe658ce221efe0ba90dfbfedea7e9cf401cac37098674a1d7cd489c97d061b847f09b86c24453575e2d46d4d9326e29c

    • SSDEEP

      3072:Y3Bb2V38tdLIKbEN2HSKjZNPH4cGHk51Kk+u5arueqFl8sLbxDZxWRko5V:YRbvkKgN8/RH4hHk5gUUYFl8UmT

    Score
    10/10
    plugxdiscoverytrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral10behavioral9

    • Target

      originalfile/PlugX_RTF_dropper_42fba80f105aa53dfbf50aeba2d73cae

    • Size

      507KB

    • MD5

      42fba80f105aa53dfbf50aeba2d73cae

    • SHA1

      a49b135a66afba5713936d4758ca5d40f19b9e71

    • SHA256

      ac7d02465d0b1992809e16aaae2cd779470a99e0860c4d8a2785d97ce988667b

    • SHA512

      b42b529585da21bae4d36fb1e9b5f2471e77d87505db91f8859068816d355fdd8b4aaaa922512a8a39259b247b9aeaeba92cfb0ab5140122f83dd163b8ed00cf

    • SSDEEP

      6144:h5LReC+jODUJ6aCujPjtNbShm6YNYa2Zg3:h5o3jOU6aCCtw8p

    Score
    4/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks