General

  • Target: 1138a8f8e626762b4a76d9b705ce3aca.bin
  • Size: 496KB
  • Sample: 241118-bdfrxatng1
  • MD5: 81fc06eda34094119608ce96594eb1ea
  • SHA1: 6d00b80749d50afc84c26cdea70e807c6d74db2b
  • SHA256: d6ed2d4bfc976010e7a106f6374998449b262108efac22d9562af906149f3b06
  • SHA512: 84b79eb068d292f54fed2681a82c96d103aa45e392cc2dbf36216a3ec94856f3417e7dae6986fed1345f6ad274ce20df5d94084fa4e9563fd4cfc31363125537
  • SSDEEP: 12288:MZzJ5EQ0KmTheN0WSBl9gkPaM+SjYtFULiriii:aXb5YhtljHctYirU

Score: 10/10

Malware Config

Targets

    • Target: AdbWinApi.dll
    • Size: 39KB
    • MD5: ee5aca085318338c4d9ca42dae966b0c
    • SHA1: b47fef6dbb5982b4159533ee1dfecef6c285a262
    • SHA256: 7050084c99d02f2e837207bff7a13a261d5435589771e9dc3f0db38841b97942
    • SHA512: 3e8bedb69537cb0d809e63b8bad79b533d8ab2862d282d4ef331171331ce53aba8389886689c866ee3e5cf5568e17303d8c485e40914067c183aa729131255a0
    • SSDEEP: 384:SmX2Gj6sdipcJvy22fYPZaTh8T5e6OITkhUeKlrt+1nu6EDHvxtdn1XoNCLyOMk9:SFQyPghaQeITkhhWBmnTED5bLyRyu5

    Score: 3/10

    • Target: adb.exe
    • Size: 804KB
    • MD5: 790fb1184a3ed8e475263daa54f98469
    • SHA1: 37a60f670a4f3c68a4872ec2e95c0be2bd130dae
    • SHA256: ef4c7f4c417c18cd3394dd81ccd94381af252e0af81b0ad89b7e6d81412f4706
    • SHA512: 66a2325c59a7fdacd049f43b528224682245c2705f10c50a907b6454d5755522b9d9d07046426d42db8c324ba95adbde1de087e31a0fb21b635c1dc4ca25a4f8
    • SSDEEP: 12288:CMLitTtq+E3vEtR1PcUjB2ZuTvD5lnT7SQ22v9dzW74hGO2fVpUGpZdT3Rr8tz:CP5mC1P1jB2kv1xf9M4cThr8tz

    Score: 10/10

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Plugx family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Enterprise v15

Tasks