plugx | e893dbe6b911e8faea85dad69061e2755ef52db23bc5163f7c5dfd4138f29d6e | Triage

Submit
Reports

Overview

overview

Static

static

7

kdump64.dll

windows7-x64

7

kdump64.dll

windows10-2004-x64

7

wps.exe

windows7-x64

wps.exe

windows10-2004-x64

Sharing

General

Target

e893dbe6b911e8faea85dad69061e2755ef52db23bc5163f7c5dfd4138f29d6e
Size

364KB
Sample

241223-wd1gjawpcp
MD5

4e8ddbbb780ed54690dc219a3120edb4
SHA1

9fbecaf37a0679b668bc31d4c4ae1a331d46be39
SHA256

e893dbe6b911e8faea85dad69061e2755ef52db23bc5163f7c5dfd4138f29d6e
SHA512

8344f13282047055647b2419226c02810f51baa0c1041b51baf1cdedefcdec0418e38b4b999a806470a64efa8f3dbffc823eb029b987df25e82a58bb17e2b17e
SSDEEP

6144:yVIIuZIIqV7bCJvcsYrHiWdXjwDA++nO2VSD2EdHUhb9uwPn/Dxd:yVI9Ij5mCskHlUDA+iOL1HUhb9xxd

Score

10^/10

plugx trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

kdump64.dll

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

kdump64.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

wps.exe

Resource

win7-20240903-en

plugx trojan vmprotect

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral4

Sample

wps.exe

Resource

win10v2004-20241007-en

plugx trojan vmprotect

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  kdump64.dll
- Size
  
  148KB
- MD5
  
  d5dcfc5ac42bcba55a1170756f3493f4
- SHA1
  
  1bcefa919e0c9c1d114ed6384e4aff8f316482de
- SHA256
  
  8ba00843b9aba2cff6f2234a7daf040aadfebce4c05b13061da63b48f63bfa4f
- SHA512
  
  dbaf78188b53629d667bdcb4fcdc0c35045e77330bbe209739c86fbe2d7c2ba04b3adeedc6576186e1af20f8eb373a9788ed3b0050f80f61485475dcf23b0a24
- SSDEEP
  
  3072:+hNbJ07kFlBFBTmIw61ReXqiZmh1rx3o1v6Al7JyvITb/:+nbOcB76IJPevmh46Al3
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2
- Target
  
  wps.exe
- Size
  
  177KB
- MD5
  
  f44992d14033a2b5b1064104658a29e1
- SHA1
  
  62673aa6e8bde17f218524cbe3bf50cb5b949f3b
- SHA256
  
  331f64d6d6bf7883ed8a3c29ab8ce3bf947aaecf49748a7a2b5113ced68607a4
- SHA512
  
  9a57d5765e9dcff8caccf8b51449bfd8d35f9c346c9a09a5c64a7229136490bc1cb5a3f07c8d9c75aaf48e16e01700c3d6674fc1b8d170ce927913c4130bc31b
- SSDEEP
  
  3072:65nSsRkXPsSadfviPNPVY5bYm1wkUBL/1cAR+oOb5vENb/fZOKeb0WhmNNdnLeny:65SsRkXPYGPG5cm6Bd3oEt/fZOaBi/fi
Score

10^/10

plugx trojan vmprotect
- Detects PlugX payload
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- Plugx family
  plugx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Deletes itself
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

plugxtrojanvmprotect

behavioral4

plugxtrojanvmprotect

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.