Overview

overview

10

Static

static

3

AvastSvcZEg.zip

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AvastSvcZEg.zip

  • Size

    154KB

  • Sample

    240925-mkfahazgrn

  • MD5

    4672c97ef72cfa9845126c6c19a0303d

  • SHA1

    a64ca5018acb426de38f2b20ff9be956d6c35600

  • SHA256

    47521a28f2aec3de8db28f63a88f3af567f7e40228acc5924673f23cd039199f

  • SHA512

    7943fe72e1f16ea034f781abe92b415118987ce87c1f74ae98cf4fcccd976c1622f935d2b211ef9c9a827d18af4c8214a738a254f63aa61de44bf707e7a0a433

  • SSDEEP

    3072:jLGN6+o/5GJB8YoaxwbybSNqnjdNArfqesO89pVBvDjvKWU7bK6GWQ:/G/2ooPHc2yesR9xDTKWU7prQ

Score
10/10
plugxdiscoverypersistencetrojan

Malware Config

Extracted

Family

plugx

C2

103.56.53.46:80

103.56.53.46:110

103.56.53.46:443

103.56.53.46:5938
Attributes
  • folder

    AvastSvcZEg

Targets

    • Target

      AvastSvcZEg.zip

    • Size

      154KB

    • MD5

      4672c97ef72cfa9845126c6c19a0303d

    • SHA1

      a64ca5018acb426de38f2b20ff9be956d6c35600

    • SHA256

      47521a28f2aec3de8db28f63a88f3af567f7e40228acc5924673f23cd039199f

    • SHA512

      7943fe72e1f16ea034f781abe92b415118987ce87c1f74ae98cf4fcccd976c1622f935d2b211ef9c9a827d18af4c8214a738a254f63aa61de44bf707e7a0a433

    • SSDEEP

      3072:jLGN6+o/5GJB8YoaxwbybSNqnjdNArfqesO89pVBvDjvKWU7bK6GWQ:/G/2ooPHc2yesR9xDTKWU7prQ

    Score
    10/10
    plugxdiscoverypersistencetrojan

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks