Extracted

• • Target

    AvastSvcZEg/AvastSvc.exe

  • Size

    60KB

  • MD5

    a72036f635cecf0dcb1e9c6f49a8fa5b

  • SHA1

    049813b955db1dd90952657ae2bd34250153563e

  • SHA256

    85ca20eeec3400c68a62639a01928a5dab824d2eadf589e5cbfe5a2bc41d9654

  • SHA512

    e3582e0969361d272c2469ce139ec809b9b0ac98fbc5eb5bb287442aed4c6ba69ed8175b68970751c93730cfaf07b75c3bc5e4e24aeda8f984b24f33bb8e3da2

  • SSDEEP

    768:Q/WQ3/TymxfsHYPry0bgYh3LKgMoCDGFh9D:Q+QvT7xUHYPDbgYVLWofD

  Score

  10^/10

  plugxdiscoverypersistencetrojan

  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2

• • Target

    AvastSvcZEg/wsc.dll

  • Size

    52KB

  • MD5

    831252e7fa9bd6fa174715647ebce516

  • SHA1

    bf8c5bf141f0db53000805f2629e6e031d137ceb

  • SHA256

    6491c646397025bf02709f1bd3025f1622abdc89b550ac38ce6fac938353b954

  • SHA512

    0be6e898dcb75b32358bb8c2214e7b9453034ecfbe71d092df75b186a28f97ae7d5737f010b9d9e781c6b4cf3da19ee4a7cf5002604d23c527c55a3f7a0dba04

  • SSDEEP

    768:ctRTzgT291lvLotXKUoImwKvuZ+UHo4QIkfbZoN:ctRHgTWPcpmwKf4X2oN

  Score

  3^/10

  discovery
  behavioral3behavioral4