General

  • Target

    47521a28f2aec3de8db28f63a88f3af567f7e40228acc5924673f23cd039199f

  • Size

    154KB

  • Sample

    240925-mfkpestcmc

  • MD5

    4672c97ef72cfa9845126c6c19a0303d

  • SHA1

    a64ca5018acb426de38f2b20ff9be956d6c35600

  • SHA256

    47521a28f2aec3de8db28f63a88f3af567f7e40228acc5924673f23cd039199f

  • SHA512

    7943fe72e1f16ea034f781abe92b415118987ce87c1f74ae98cf4fcccd976c1622f935d2b211ef9c9a827d18af4c8214a738a254f63aa61de44bf707e7a0a433

  • SSDEEP

    3072:jLGN6+o/5GJB8YoaxwbybSNqnjdNArfqesO89pVBvDjvKWU7bK6GWQ:/G/2ooPHc2yesR9xDTKWU7prQ

Malware Config

Extracted

Family

plugx

C2

103.56.53.46:80

103.56.53.46:110

103.56.53.46:443

103.56.53.46:5938

Attributes
  • folder

    AvastSvcZEg

Targets

    • Target

      AvastSvcZEg/AvastSvc.exe

    • Size

      60KB

    • MD5

      a72036f635cecf0dcb1e9c6f49a8fa5b

    • SHA1

      049813b955db1dd90952657ae2bd34250153563e

    • SHA256

      85ca20eeec3400c68a62639a01928a5dab824d2eadf589e5cbfe5a2bc41d9654

    • SHA512

      e3582e0969361d272c2469ce139ec809b9b0ac98fbc5eb5bb287442aed4c6ba69ed8175b68970751c93730cfaf07b75c3bc5e4e24aeda8f984b24f33bb8e3da2

    • SSDEEP

      768:Q/WQ3/TymxfsHYPry0bgYh3LKgMoCDGFh9D:Q+QvT7xUHYPDbgYVLWofD

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      AvastSvcZEg/wsc.dll

    • Size

      52KB

    • MD5

      831252e7fa9bd6fa174715647ebce516

    • SHA1

      bf8c5bf141f0db53000805f2629e6e031d137ceb

    • SHA256

      6491c646397025bf02709f1bd3025f1622abdc89b550ac38ce6fac938353b954

    • SHA512

      0be6e898dcb75b32358bb8c2214e7b9453034ecfbe71d092df75b186a28f97ae7d5737f010b9d9e781c6b4cf3da19ee4a7cf5002604d23c527c55a3f7a0dba04

    • SSDEEP

      768:ctRTzgT291lvLotXKUoImwKvuZ+UHo4QIkfbZoN:ctRHgTWPcpmwKf4X2oN

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks