General

  • Target

    360a90f4e24859ade78351e58c5c3fc4a54beba94d031ec12b598bda590ea7ef

  • Size

    337KB

  • Sample

    250127-mtyhfavlaw

  • MD5

    93c358440e05d5faf54a1ce628364684

  • SHA1

    771a199a804f352be4dd55215d56a4c648b4125c

  • SHA256

    360a90f4e24859ade78351e58c5c3fc4a54beba94d031ec12b598bda590ea7ef

  • SHA512

    a3238add34ceb5bd4062ff54b86be0ec185805deb4d4d989b6297fedf6c03b5db20a9db9a187e4442d928958fd81c1f22d851be22d4f83205406d5e1b3b5dba9

  • SSDEEP

    6144:y6A7+HuGT8t73MA5HnjY+yJzssC7sZHY4H83L2n7RFyPdFdNZB:y6AqOGGMAxj2zs37saG8b2l81jx
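The hash block above gives four digests per file so an analyst can confirm a local sample against the report without uploading it. The following is an added example (not part of the report page) that computes all four digests in one pass and matches them against the report's values; the report dictionaries copy the hashes shown on this page, while the file contents used in the demo are constructed, so no real sample is needed to run it. A match on MD5 or SHA-1 alone is treated as unconfirmed, since only the SHA-256/SHA-512 values are collision resistant.

```python
"""Verify local file contents against the digests listed in a sandbox report.

Added example, not the report's own code. REPORTS copies the values printed on
the page; the bytes used in the demo at the bottom are constructed.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Values copied from the report (parent sample and the two extracted files).
REPORTS = {
    "parent": {
        "md5": "93c358440e05d5faf54a1ce628364684",
        "sha1": "771a199a804f352be4dd55215d56a4c648b4125c",
        "sha256": "360a90f4e24859ade78351e58c5c3fc4a54beba94d031ec12b598bda590ea7ef",
        "sha512": "a3238add34ceb5bd4062ff54b86be0ec185805deb4d4d989b6297fedf6c03b5db20a9db9a187e4442d928958fd81c1f22d851be22d4f83205406d5e1b3b5dba9",
    },
    "CoreFoundation.dll": {
        "md5": "5afe443ddabb1ade4e5bb4b0eb80894b",
        "sha1": "26de33b0d6db22b956e53958f1e600d732945bdc",
        "sha256": "38428e93bfa1d4130b948826b763806a3fb06cf9323a960fded41fe60cd18057",
        "sha512": "33d27ffc32cd60c51f3d4b19102ecce5c24087691006e778555e53fbc84faa898766da89b1f6a70364e43b49e69c449d16ce0e30daf6f64c19d29af4b2d87823",
    },
    "iTunesHelper.exe": {
        "md5": "6ce6784df5fc5b8550c44f90382c2cdd",
        "sha1": "cdb8736bc0ef8298377961adc500242dbe47c5d9",
        "sha256": "883c97df8c1e6f310ae655c0dff076dbb845b67df1499e746f63c951c842d6fb",
        "sha512": "1a1d90534a10989c1aa78ea7bda5cad203b75e12f18b4f0b5fc411a1b21af8c38bf6e0b7352458d28e69fe177f87d43a7f816d5a7f5366a5c76507a9228e0df9",
    },
}


def digests_stream(chunks):
    """Feed an iterable of byte chunks to all four hashers in a single pass."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digests(data: bytes) -> dict:
    """Digests of an in-memory buffer."""
    return digests_stream([data])


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digests of a file on disk, read in 1 MiB chunks so large samples fit."""
    with open(path, "rb") as fh:
        return digests_stream(iter(lambda: fh.read(chunk_size), b""))


def match_reports(data: bytes, reports: dict = REPORTS) -> dict:
    """Return {report_name: [algorithms that matched]} for reports with at
    least one agreeing digest. A partial hit (for example MD5 only) points to
    a transcription error or a collision and should not be treated as an
    identification."""
    d = digests(data)
    result = {}
    for name, ref in reports.items():
        hit = [a for a in ALGOS if a in ref and ref[a].lower() == d[a]]
        if hit:
            result[name] = hit
    return result


def confirmed(data: bytes, reports: dict = REPORTS) -> list:
    """Names of reports whose SHA-256 agrees with the data."""
    return [n for n, algos in match_reports(data, reports).items() if "sha256" in algos]


if __name__ == "__main__":
    # Constructed demo input; it will not match any hash on the page.
    sample = b"not the real sample"
    print(digests(sample)["sha256"])
    print("matches:", match_reports(sample) or "none")
```

To check a downloaded artifact, call `digests_of_file("path/to/file")` and compare its `sha256` with the report; `match_reports` on the file's bytes does the comparison for all three entries at once.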

Score
10/10

Malware Config

Targets

    • Target

      CoreFoundation.dll

    • Size

      53KB

    • MD5

      5afe443ddabb1ade4e5bb4b0eb80894b

    • SHA1

      26de33b0d6db22b956e53958f1e600d732945bdc

    • SHA256

      38428e93bfa1d4130b948826b763806a3fb06cf9323a960fded41fe60cd18057

    • SHA512

      33d27ffc32cd60c51f3d4b19102ecce5c24087691006e778555e53fbc84faa898766da89b1f6a70364e43b49e69c449d16ce0e30daf6f64c19d29af4b2d87823

    • SSDEEP

      768:/HPD7oH31RNBWG+e8akLqRmhHPkkQzy2nDEDlbFS2nwmcSSSSf:/77oH31cG+eyLMqvkeQUfwTSSSSf

    Score
    3/10

    • Target

      iTunesHelper.exe

    • Size

      299KB

    • MD5

      6ce6784df5fc5b8550c44f90382c2cdd

    • SHA1

      cdb8736bc0ef8298377961adc500242dbe47c5d9

    • SHA256

      883c97df8c1e6f310ae655c0dff076dbb845b67df1499e746f63c951c842d6fb

    • SHA512

      1a1d90534a10989c1aa78ea7bda5cad203b75e12f18b4f0b5fc411a1b21af8c38bf6e0b7352458d28e69fe177f87d43a7f816d5a7f5366a5c76507a9228e0df9

    • SSDEEP

      6144:NnD7PE0+kEvmOpQe/u3g83A8+123+FM2+zIv++r:FDAmEvmOpQeX8Bt4f

    Score
    10/10

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • Plugx family

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the DNS servers configured on the analysis machine was detected.

    • Deletes itself
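The "Unexpected DNS network traffic destination" signature is a simple network heuristic: any flow on port 53 whose destination is not one of the resolvers the analysis VM was configured with is suspicious, because an implant tunnelling C2 over DNS has to reach its own server rather than the local resolver. The following is an added example of that check, not the sandbox's own signature code; the resolver addresses and the flow records are constructed for illustration.

```python
"""Toy implementation of the "unexpected DNS network traffic destination"
check: flag any flow on the DNS port whose destination is not one of the
resolvers the analysis VM is configured to use.

Added example, not the sandbox's signature code. CONFIGURED_DNS and
SAMPLE_FLOWS are constructed for illustration.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    proto: str   # "udp" or "tcp"
    src: str
    dst: str
    dport: int


# Assumption: the VM's network stack is configured with these two resolvers.
CONFIGURED_DNS = frozenset({"10.127.0.1", "8.8.8.8"})


def unexpected_dns_destinations(flows, configured_dns=CONFIGURED_DNS):
    """Return the flows that trigger the signature.

    Both UDP/53 and TCP/53 are checked: DNS over TCP is legitimate for large
    responses, so an implant using TCP/53 for C2 blends in just as well.
    Multicast and link-local destinations are skipped to reduce noise.
    """
    hits = []
    for f in flows:
        if f.dport != DNS_PORT or f.proto not in ("udp", "tcp"):
            continue
        if f.dst in configured_dns:
            continue
        dst = ipaddress.ip_address(f.dst)
        if dst.is_multicast or dst.is_link_local:
            continue
        hits.append(f)
    return hits


def summarize(hits):
    """Count flagged flows per (proto, dst) so a report can list each
    unexpected server once with a hit count."""
    return dict(Counter((f.proto, f.dst) for f in hits))


# Constructed flow log for a VM whose resolvers are CONFIGURED_DNS.
SAMPLE_FLOWS = [
    Flow("udp", "10.127.0.50", "10.127.0.1", 53),     # lookup via configured resolver
    Flow("udp", "10.127.0.50", "8.8.8.8", 53),        # lookup via second resolver
    Flow("tcp", "10.127.0.50", "8.8.8.8", 443),       # HTTPS, not the DNS port
    Flow("udp", "10.127.0.50", "224.0.0.251", 53),    # multicast, ignored
    Flow("udp", "10.127.0.50", "198.51.100.23", 53),  # DNS port, unknown server
    Flow("udp", "10.127.0.50", "198.51.100.23", 53),  # same server again
    Flow("tcp", "10.127.0.50", "203.0.113.7", 53),    # TCP/53 to unknown host
]


if __name__ == "__main__":
    for (proto, dst), n in summarize(unexpected_dns_destinations(SAMPLE_FLOWS)).items():
        print(f"unexpected DNS destination {dst} ({proto}/53): {n} flow(s)")
```

Two caveats a practitioner should keep in mind: the check only sees the classic port, so DNS over HTTPS (443) or DNS over TLS (853) to an unexpected resolver is not caught, and benign software with a hard-coded public resolver will trigger it, which is why the signature is one indicator among several rather than the basis of the 10/10 score by itself.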

MITRE ATT&CK Enterprise v15

Tasks