Resubmissions

  • 14-10-2024 12:50  241014-p2y52swdmh  10
  • 14-10-2024 12:48  241014-p11mgs1ajn  3
  • 14-10-2024 12:42  241014-pxkrvswbpf  3

General

  • Target: AvastSvcZEg.zip
  • Size: 152KB
  • Sample: 241014-p2y52swdmh
  • MD5: ed43370a0412ea28d7048056cd5625af
  • SHA1: a8373cb02f1e2a903a72abc0b095c6f2aec76ea3
  • SHA256: 72a7b8fe4b8401120124e8f9460bfd457fbf76b70a0c057b58ff271c5b2aadca
  • SHA512: 7018988e3488297739c2f08ac1136300f38eee2956750a2ff4d4832751a5d17f2524abcefd00249f5e614178a15552e351c7f468fba6eab6784325723c88aa93
  • SSDEEP: 3072:uemqs4Y+6AmQ13r3ml90Ap1LpEc4PMdw6zRRxdEVxOyHKTjg3y26jiv6:dvh39D21PEc8Mdw6tOVAXs356

Malware Config

Extracted

  • Family: plugx
  • C2:
      103.56.53.46:80
      103.56.53.46:110
      103.56.53.46:443
      103.56.53.46:5938
  • Attributes:
      folder: AvastSvcZEg

Targets

    • Target: AvastSvcZEg/AvastSvc.exe
    • Size: 60KB
    • MD5: a72036f635cecf0dcb1e9c6f49a8fa5b
    • SHA1: 049813b955db1dd90952657ae2bd34250153563e
    • SHA256: 85ca20eeec3400c68a62639a01928a5dab824d2eadf589e5cbfe5a2bc41d9654
    • SHA512: e3582e0969361d272c2469ce139ec809b9b0ac98fbc5eb5bb287442aed4c6ba69ed8175b68970751c93730cfaf07b75c3bc5e4e24aeda8f984b24f33bb8e3da2
    • SSDEEP: 768:Q/WQ3/TymxfsHYPry0bgYh3LKgMoCDGFh9D:Q+QvT7xUHYPDbgYVLWofD

    Signatures

    • PlugX
      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15