General

  • Target

    AvastSvcZEg.zip

  • Size

    154KB

  • Sample

    240925-mkfahazgrn

  • MD5

    4672c97ef72cfa9845126c6c19a0303d

  • SHA1

    a64ca5018acb426de38f2b20ff9be956d6c35600

  • SHA256

    47521a28f2aec3de8db28f63a88f3af567f7e40228acc5924673f23cd039199f

  • SHA512

    7943fe72e1f16ea034f781abe92b415118987ce87c1f74ae98cf4fcccd976c1622f935d2b211ef9c9a827d18af4c8214a738a254f63aa61de44bf707e7a0a433

  • SSDEEP

    3072:jLGN6+o/5GJB8YoaxwbybSNqnjdNArfqesO89pVBvDjvKWU7bK6GWQ:/G/2ooPHc2yesR9xDTKWU7prQ

Malware Config

Extracted

Family

plugx

C2

103.56.53.46:80

103.56.53.46:110

103.56.53.46:443

103.56.53.46:5938

Attributes

  • folder

    AvastSvcZEg

Targets

    • Target

      AvastSvcZEg.zip

    • Size

      154KB

    • MD5

      4672c97ef72cfa9845126c6c19a0303d

    • SHA1

      a64ca5018acb426de38f2b20ff9be956d6c35600

    • SHA256

      47521a28f2aec3de8db28f63a88f3af567f7e40228acc5924673f23cd039199f

    • SHA512

      7943fe72e1f16ea034f781abe92b415118987ce87c1f74ae98cf4fcccd976c1622f935d2b211ef9c9a827d18af4c8214a738a254f63aa61de44bf707e7a0a433

    • SSDEEP

      3072:jLGN6+o/5GJB8YoaxwbybSNqnjdNArfqesO89pVBvDjvKWU7bK6GWQ:/G/2ooPHc2yesR9xDTKWU7prQ

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks