plugx | 72a7b8fe4b8401120124e8f9460bfd457fbf76b70a0c057b58ff271c5b2aadca | Triage

Resubmissions

14-10-2024 13:09

241014-qd9sbawhrb 10

14-10-2024 13:03

241014-qagx5a1crn 10

14-10-2024 12:59

241014-p76gba1ckm 10

14-10-2024 12:57

241014-p63zsswfjd 10

14-10-2024 12:55

241014-p52qcawepe 3

14-10-2024 12:54

241014-p4832awelh 3

14-10-2024 12:52

241014-p35dfswejd 10

Sharing

General

Target

AvastSvcZEg.zip
Size

152KB
Sample

241014-p63zsswfjd
MD5

ed43370a0412ea28d7048056cd5625af
SHA1

a8373cb02f1e2a903a72abc0b095c6f2aec76ea3
SHA256

72a7b8fe4b8401120124e8f9460bfd457fbf76b70a0c057b58ff271c5b2aadca
SHA512

7018988e3488297739c2f08ac1136300f38eee2956750a2ff4d4832751a5d17f2524abcefd00249f5e614178a15552e351c7f468fba6eab6784325723c88aa93
SSDEEP

3072:uemqs4Y+6AmQ13r3ml90Ap1LpEc4PMdw6zRRxdEVxOyHKTjg3y26jiv6:dvh39D21PEc8Mdw6tOVAXs356

Score

10^/10

plugx discovery persistence trojan

Malware Config

Extracted

Family

plugx

C2

103.56.53.46:80

103.56.53.46:110

103.56.53.46:443

103.56.53.46:5938

Attributes

folder
AvastSvcZEg

Targets

- Target
  
  AvastSvcZEg/AvastSvc.exe
- Size
  
  60KB
- MD5
  
  a72036f635cecf0dcb1e9c6f49a8fa5b
- SHA1
  
  049813b955db1dd90952657ae2bd34250153563e
- SHA256
  
  85ca20eeec3400c68a62639a01928a5dab824d2eadf589e5cbfe5a2bc41d9654
- SHA512
  
  e3582e0969361d272c2469ce139ec809b9b0ac98fbc5eb5bb287442aed4c6ba69ed8175b68970751c93730cfaf07b75c3bc5e4e24aeda8f984b24f33bb8e3da2
- SSDEEP
  
  768:Q/WQ3/TymxfsHYPry0bgYh3LKgMoCDGFh9D:Q+QvT7xUHYPDbgYVLWofD
Score

10^/10

plugx discovery persistence trojan
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

plugxdiscoverypersistencetrojan