General

  • Target

    36877a5b3cc6e763976ca0ba166991cc_JaffaCakes118

  • Size

    437KB

  • Sample

    241011-yknsesvfnk

  • MD5

    36877a5b3cc6e763976ca0ba166991cc

  • SHA1

    4f48f82a7dc50051328b124a9e377bd2a9868b05

  • SHA256

    ab04624c6c23905350f2526ee1813f7a7d4519b2351158e73d9465e4b68c36c5

  • SHA512

    c650150584955e030a7249aef3eece9114d77fdcf9ef51180a44322de91de49212f832c951dfb3184cb3cb60a5e7c3a073d1269aee41f769f6e5d9bc11bffd8c

  • SSDEEP

    12288:vkWAehJuqT4SPkDh1e2EEwkbBHClfuwiSg705/9j:vkWAAuqkAwJwYHufc7s/B

Score
10/10

Malware Config

Targets

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks