plugx | 00fbfaf36114d3ff9e2c43885341f1c02fade82b49d1cf451bc756d992c84b06 | Triage

Sharing

General

Target

00fbfaf36114d3ff9e2c43885341f1c02fade82b49d1cf451bc756d992c84b06
Size

157KB
Sample

241210-y7gydsxmds
MD5

c1c9624b21f71e4565b941a37db3815a
SHA1

1c251974b2e6f110d96af5b23ad036954ba15e4e
SHA256

00fbfaf36114d3ff9e2c43885341f1c02fade82b49d1cf451bc756d992c84b06
SHA512

ba97a667c492f662784aed68df3f623eb2391d48e81036c10e35211c20e4bdcfefd013ab8b825fb15f41fdc3c22582cf041f8e1cced24d584a218badd4e79b6b
SSDEEP

3072:c8BHz/pBz9AycS0lEm2DchuhmE62duNkKa2W75u57cXehC9v:cgz/pnUS5chuHfu/aTI4Xeha

Score

10^/10

plugx discovery persistence trojan

Malware Config

Extracted

Family

plugx

C2

45.142.166.112:443

45.142.166.112:110

Attributes

folder
AvastSvcpCP

Targets

- Target
  
  AvastSvcpCP/AvastSvc.exe
- Size
  
  60KB
- MD5
  
  a72036f635cecf0dcb1e9c6f49a8fa5b
- SHA1
  
  049813b955db1dd90952657ae2bd34250153563e
- SHA256
  
  85ca20eeec3400c68a62639a01928a5dab824d2eadf589e5cbfe5a2bc41d9654
- SHA512
  
  e3582e0969361d272c2469ce139ec809b9b0ac98fbc5eb5bb287442aed4c6ba69ed8175b68970751c93730cfaf07b75c3bc5e4e24aeda8f984b24f33bb8e3da2
- SSDEEP
  
  768:Q/WQ3/TymxfsHYPry0bgYh3LKgMoCDGFh9D:Q+QvT7xUHYPDbgYVLWofD
Score

10^/10

plugx discovery persistence trojan
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Plugx family
  plugx
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  AvastSvcpCP/wsc.dll
- Size
  
  80KB
- MD5
  
  722b15bbc15845e4e265a1519c800c34
- SHA1
  
  56bac516227d9fddc08ca586dba5c9085d203f99
- SHA256
  
  e8f55d0f327fd1d5f26428b890ef7fe878e135d494acda24ef01c695a2e9136d
- SHA512
  
  a925614f3e89e37198d875670b3844449d6ab77728d53c1a06a5db035b7117a0b61cd8ada0022b6b5e0e8d6fad9417561a82cdbb5b288273c60b1469816a9d0d
- SSDEEP
  
  1536:HEI2BTzyutxs8TLWyEL59s6TaIret4R27t2Wfu63y:H+WTLHI4RQt2Wfri
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

plugxdiscoverypersistencetrojan

behavioral2

plugxdiscoverypersistencetrojan

behavioral3

behavioral4