General

  • Target

    3f5c2045c0cdaab917b612ac86706d904912415c2485ec5801edf74a3a485154

  • Size

    195KB

  • Sample

    241210-xymlvazmer

  • MD5

    a6d67b9097669be50617a16bdc54222e

  • SHA1

    4e73f91a9503494891a833ce53b8c673e551272b

  • SHA256

    3f5c2045c0cdaab917b612ac86706d904912415c2485ec5801edf74a3a485154

  • SHA512

    207024fce247d55ccc7bd9e87086d521fcd650b5a46707a2b9e5fc86779ac0d32d9be2d00a5c1b1c1cca480188cc7a6060a2496c709dc5991a685e6060c50665

  • SSDEEP

    6144:lJS3Pf/sUN3Kabq7yRa8zlOPk7wAoZO+lhGOrS3lRpgj:633rVKa22RaGOc7eVryMj

Score
10/10

Malware Config

Targets

    • Target

      PS/RsTray.exe

    • Size

      174KB

    • MD5

      d65adc7ad95e88fab486707b8c228f17

    • SHA1

      dfa0589b58a469e34695a22313d184e5352a3282

    • SHA256

      a3674fef407c354e911a8a6c7d4b991802c47cf6409d6dc32dc84be6312159e2

    • SHA512

      3c9114610dfc107adec6a6220356607c737499866eba965985bb1f6b9aedbfae529a5432abb8307ce0653580fab9c2580c66d96ef4cdb4319a0fde5ad3c3ac01

    • SSDEEP

      3072:wq1/mmpPCL8OZwevvCRmvUGmeU1hbFZJslQLRzMaZ:wUmqCL8Oj3XZm5jNLRzVZ

    Score
    10/10
    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Plugx family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      PS/comserv.dll

    • Size

      2KB

    • MD5

      6d54b4f07a1b92bd6fafe7160b2c887c

    • SHA1

      6bf4a36e729a2c4156b1280db97252ba8ea7d9b4

    • SHA256

      653fe0ab7b634e50ba09f962c6357bcf76ce633768aa41dd01d1a93ef83a0a54

    • SHA512

      32c57ca7ce437fc7712948a6f30733112830ff570d89ca903e5a5bdec43277a19a453df8c027e0835ad1dff2f7927cf973e33efa1847ed608cb6eb534d8163a3

    Score
    3/10
    • Target

      PS/comserv.dll.url

    • Size

      122KB

    • MD5

      fe14ef97d52c1c4f4764c36b76f18340

    • SHA1

      60a931c6607ffe7dabdce33151f7d217b7581175

    • SHA256

      d8c68c81908ca0b31a773cf78bc59b9d886ba72177b2b4f5a1d9ea46b95ce05e

    • SHA512

      390366a82817d8e841084744cd879bd7be6ce1dff85e26e9fe4739b709c17718c4e836f2f543c1d84f47096230e2d9dbc6dab6c597acc8ae802c43b1d4ae7f0d

    • SSDEEP

      3072:eBnOmvZ8umI/EOKv8Lunlsq7yTxeP5oG8zlOPkiwfA:0D/sCLEiq7yleV8zlOPkiwI

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks