General

  • Target

    8fd2ab26d5397dfcef9a48d4106eec604c8e38b86e2ccc148757a157c83f4f8c

  • Size

    568KB

  • Sample

    250103-vdg5hstlgz

  • MD5

    b60b6387fb18df16e563a5e1b374e080

  • SHA1

    cf69fdb45dc3ab5958997cc411c664a6f49602c9

  • SHA256

    8fd2ab26d5397dfcef9a48d4106eec604c8e38b86e2ccc148757a157c83f4f8c

  • SHA512

    1463a88c6b93896666117c6c33124c23a9de5edb68fd60f65db97794b5e08fd6763cf4f5b929ee8dd0cc7f9a1d03e4be08dceeb95fa74ee62b99a6984658685c

  • SSDEEP

    12288:XTKfDgWulALVZkES0RgGEVhkyA7F3Xl5MB8vTOvcX6C1dcDbpOZZo+NjrDhWg6jJ:OffuCXpo

Score
10/10

Malware Config

Targets

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Plugx family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

MITRE ATT&CK Enterprise v15

Tasks