General
Target: plexqt_setup_7.3.0.exe
Size: 54.0MB
Sample: 241012-qk2ehssdrc
MD5: a961788306df3355b519701a8916cc71
SHA1: 1638cd7b80b05d9fe4d7bae66d622f96f21ebe7a
SHA256: 665382cc9308a4226f5fb4eca1c279fe366a5dd11e761b7422618af80b7119d5
SHA512: 43ac09821912bc80ce8ee5b4449e108c2ce32240bca5e966aed50674011cec647b737e67e2a10a49743ea00ecbc6883e3165d279b63a4094a770f563339acdb8
SSDEEP: 1572864:3QBLLkJ9I0kY1JSzHtJzLVFdGEQFnNnf0NF:4wfIb9HTzB7PQFnNnM/

Static task: static1
Behavioral task: behavioral1
  Sample: plexqt_setup_7.3.0.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: plexqt_setup_7.3.0.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: plexqt_setup_7.3.0.exe (54.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
(number in parentheses = matches in this analysis; ATT&CK IDs added for reference)
Execution
  Command and Scripting Interpreter, T1059 (2)
    PowerShell, T1059.001 (1)
  Scheduled Task/Job, T1053 (1)
    Scheduled Task, T1053.005 (1)
Persistence
  Event Triggered Execution, T1546 (1)
    Netsh Helper DLL, T1546.007 (1)
  Scheduled Task/Job, T1053 (1)
    Scheduled Task, T1053.005 (1)
Privilege Escalation
  Event Triggered Execution, T1546 (1)
    Netsh Helper DLL, T1546.007 (1)
  Scheduled Task/Job, T1053 (1)
    Scheduled Task, T1053.005 (1)
Defense Evasion
  Modify Registry, T1112 (1)
  Subvert Trust Controls, T1553 (1)
    Install Root Certificate, T1553.004 (1)
Discovery
  Browser Information Discovery, T1217 (1)
  Peripheral Device Discovery, T1120 (1)
  Query Registry, T1012 (3)
  Remote System Discovery, T1018 (1)
  System Information Discovery, T1082 (4)
  System Location Discovery, T1614 (1)
    System Language Discovery, T1614.001 (1)
  System Network Configuration Discovery, T1016 (1)
    Internet Connection Discovery, T1016.001 (1)