MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c0e85b5fa257cad0eccfe7ddd65f7d2294a56d01d080697e38eac6f1016abee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



PlugX


Vendor detections: 6



SHA256 hash: 2c0e85b5fa257cad0eccfe7ddd65f7d2294a56d01d080697e38eac6f1016abee
SHA3-384 hash: 06c17cc6d2ea7c6a1e618cdc5c82ec2d74e6d182b17d301e64836753c8a23dba39f56cc346fe2ff0229154fe12623380
SHA1 hash: b3a069143e627fcec52fe68fe80ca785917622be
MD5 hash: 3447bb981cccbb9c0dc049a707a74b40
humanhash: burger-tennis-idaho-victor
File name: 2c0e85b5fa257cad0eccfe7ddd65f7d2294a56d01d080697e38eac6f1016abee.bin
Signature: PlugX
File size: 72'192 bytes
First seen: 2021-07-28 01:39:47 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 04806a1eaf4e8de6f0935e3aabe9b8bd (3 x PlugX)
ssdeep: 1536:u4Hd4iaPI1/zhAP6YtnogaDc8zvsWjcdSz8a:0zw1/zeMzQSv
Threatray: 2 similar samples on MalwareBazaar
TLSH: T13A637D2177D59470E5FF063518B48A41267E7E215EF68C6B3F84128E8A702D0AF79F27
Reporter: Arkbird_SOLG
Tags: apt dll Plugx Thor Variant

Intelligence


File Origin
# of uploads: 1
# of downloads: 177
Origin country: n/a
Vendor Threat Intelligence
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
[Behavior graph, ID 455255. Sample: 9Px94iaVXb.bin; start date: 28/07/2021; architecture: WINDOWS; score: 56. Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file. Process tree: loaddll32.exe started cmd.exe and two rundll32.exe processes; cmd.exe started one rundll32.exe process.]
Threat name: Win32.Trojan.DllHijack
Status: Malicious
First seen: 2020-09-25 19:21:56 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 2c0e85b5fa257cad0eccfe7ddd65f7d2294a56d01d080697e38eac6f1016abee
MD5 hash: 3447bb981cccbb9c0dc049a707a74b40
SHA1 hash: b3a069143e627fcec52fe68fe80ca785917622be
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
