General

  • Target

    2e2ee75c036734c2186ddfbf5afc26364957d0f5701f28d913908cdfc29752f3.rar

  • Size

    496KB

  • Sample

    241117-jw1tsszjem

  • MD5

    1138a8f8e626762b4a76d9b705ce3aca

  • SHA1

    37377b6a5b505bddaf93a1d70bc9a0010b603140

  • SHA256

    2e2ee75c036734c2186ddfbf5afc26364957d0f5701f28d913908cdfc29752f3

  • SHA512

    7a3987a7b3ff55737b7e1860d3a38891050e27e59fe70d05972f2c758f8c80e1ce86f23f6534adab9b2ad94bb95bfa9cb16b4df2cbc8139dfdc0a555157af812

  • SSDEEP

    6144:T4n2suh/MuV9BGzKrmsfEvgZ74V8H2Sktaqr96k+w2t9XWxJk+803GJAhzRwtyHE:6Tu/MIsKrBsotuPaNw2jS3p3GO1HBR/k

Score
10/10

Malware Config

Targets

    • Target

      AdbWinApi.dll

    • Size

      39KB

    • MD5

      ee5aca085318338c4d9ca42dae966b0c

    • SHA1

      b47fef6dbb5982b4159533ee1dfecef6c285a262

    • SHA256

      7050084c99d02f2e837207bff7a13a261d5435589771e9dc3f0db38841b97942

    • SHA512

      3e8bedb69537cb0d809e63b8bad79b533d8ab2862d282d4ef331171331ce53aba8389886689c866ee3e5cf5568e17303d8c485e40914067c183aa729131255a0

    • SSDEEP

      384:SmX2Gj6sdipcJvy22fYPZaTh8T5e6OITkhUeKlrt+1nu6EDHvxtdn1XoNCLyOMk9:SFQyPghaQeITkhhWBmnTED5bLyRyu5

    Score
    3/10

    • Target

      adb.exe

    • Size

      804KB

    • MD5

      790fb1184a3ed8e475263daa54f98469

    • SHA1

      37a60f670a4f3c68a4872ec2e95c0be2bd130dae

    • SHA256

      ef4c7f4c417c18cd3394dd81ccd94381af252e0af81b0ad89b7e6d81412f4706

    • SHA512

      66a2325c59a7fdacd049f43b528224682245c2705f10c50a907b6454d5755522b9d9d07046426d42db8c324ba95adbde1de087e31a0fb21b635c1dc4ca25a4f8

    • SSDEEP

      12288:CMLitTtq+E3vEtR1PcUjB2ZuTvD5lnT7SQ22v9dzW74hGO2fVpUGpZdT3Rr8tz:CP5mC1P1jB2kv1xf9M4cThr8tz

    Score
    10/10

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Plugx family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Enterprise v15

Tasks