MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9857e40be1fb5b9b6db93dc03f96f6b3ff0ffab85af7944dddcac0e37775ab02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: PlugX
Vendor detections: 7

SHA256 hash: 9857e40be1fb5b9b6db93dc03f96f6b3ff0ffab85af7944dddcac0e37775ab02
SHA3-384 hash: a25078eb4cc1e2f587bee90ea8f6b96e21d78b4600db7c3f9ffe23c22669dc81b4ef408f70015f8789e43362e8f34e5d
SHA1 hash: d599ca575b995d8de971aed8a64762225bde386d
MD5 hash: ffa5f4b6b580d53bc311d6e5bace3110
humanhash: wyoming-sierra-single-november
File name: 9857e40be1fb5b9b6db93dc03f96f6b3ff0ffab85af7944dddcac0e37775ab02
Signature: PlugX
File size: 41'984 bytes
First seen: 2022-02-22 08:28:53 UTC
Last seen: 2022-02-22 08:33:01 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: a0d60cd1c7847a79d4bccecffa442d30 (1 x PlugX)
ssdeep: 384:k75KY5pp3D09zQOlfMgLJQJtsKW19L6LY+CiZxvnWizzrwReFB3WK3FTUax9RUKX:+z5pVD0nXLEL3Wi6K3BUaxdJizoQIVt
Threatray: 5 similar samples on MalwareBazaar
TLSH: T12D136B507060C0B3D24A527D185A9B519E6F69111BF5E4833FFB078EAFB22E4A63F346
Reporter: JAMESWT_WT
Tags: dll KorPlug Plugx

Intelligence


File Origin
# of uploads: 2
# of downloads: 166
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Searching for synchronization primitives
  Launching the default Windows debugger (dwwin.exe)
  Searching for the window
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  Multi AV Scanner detection for submitted file
  Sigma detected: Suspicious Call by Ordinal
Behaviour:
  Behavior Graph (ID 576210, sample Fv9Smc0oLd, start date 22/02/2022, architecture WINDOWS, score 60): process chain loaddll32.exe -> cmd.exe -> rundll32.exe, with the three signatures above attached to the sample node.
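The Sigma hit above, "Suspicious Call by Ordinal", fires when rundll32.exe is started with an export given by ordinal (dll,#N) rather than by name. The loaddll32.exe -> cmd.exe -> rundll32.exe chain in the behaviour graph is the sandbox harness loading the DLL and exercising its exports by ordinal (an inference from the chain, not something the page states), so in sandbox telemetry this signature is expected for almost any DLL and is not by itself evidence of PlugX; the same command line under an Office parent on a workstation is a different matter. The Python below is an added example, not code from MalwareBazaar or from any listed vendor: it applies an approximation of the rule's logic to constructed Sysmon-style process-creation events and walks the parent chain to separate the harness pattern from hits worth an analyst's time. The event fields, PIDs, DLL path, ordinal number and the allowlist entry are all assumptions made for the example.

```python
import re

# Constructed Sysmon-style process-creation events (not real telemetry). Events 0-2 mirror the
# sandbox chain shown in the behaviour graph (loaddll32.exe -> cmd.exe -> rundll32.exe);
# the DLL path, ordinal number and PIDs are assumptions made for this example.
SAMPLE_EVENTS = [
    {"ProcessId": 1000, "ParentProcessId": 500,
     "Image": r"C:\Windows\System32\loaddll32.exe",
     "CommandLine": r'loaddll32.exe "C:\Users\user\Desktop\Fv9Smc0oLd.dll"'},
    {"ProcessId": 1001, "ParentProcessId": 1000,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd /C rundll32.exe "C:\Users\user\Desktop\Fv9Smc0oLd.dll",#1'},
    {"ProcessId": 1002, "ParentProcessId": 1001,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe "C:\Users\user\Desktop\Fv9Smc0oLd.dll",#1'},
    # Benign: rundll32 calling a named export, no ordinal syntax.
    {"ProcessId": 2000, "ParentProcessId": 600,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
    # Workstation-style hit (constructed): ordinal call on a Temp DLL under an Office parent.
    {"ProcessId": 2500, "ParentProcessId": 700,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n invoice.docx'},
    {"ProcessId": 3000, "ParentProcessId": 2500,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\user\AppData\Local\Temp\upd.dll, #2"},
]

# Ordinal export syntax accepted by rundll32: "<dll>,#<n>", optional whitespace after the comma.
ORDINAL_RE = re.compile(r",\s*#\d+")

# Placeholder allowlist (assumption): the upstream Sigma rule carries its own false-positive
# filters; substitute those, or your own, before deploying this.
BENIGN_ORDINAL_CALLS = ("edgehtml.dll,#141",)


def image_name(event):
    """Basename of a Windows image path, lower-cased (os.path.basename would split on '/')."""
    return event["Image"].rsplit("\\", 1)[-1].lower()


def suspicious_call_by_ordinal(event):
    """Approximation of 'Suspicious Call by Ordinal': rundll32.exe image plus ordinal syntax."""
    if image_name(event) != "rundll32.exe":
        return False  # cmd.exe merely quoting the command line must not fire
    cmd = event.get("CommandLine", "")
    if not ORDINAL_RE.search(cmd):
        return False
    return not any(b in cmd.lower() for b in BENIGN_ORDINAL_CALLS)


def ancestors(events, event):
    """Image names of the parent chain, nearest first, resolved via ProcessId/ParentProcessId."""
    by_pid = {e["ProcessId"]: e for e in events}
    chain, seen = [], set()
    cur = event
    while cur["ParentProcessId"] in by_pid and cur["ParentProcessId"] not in seen:
        cur = by_pid[cur["ParentProcessId"]]
        seen.add(cur["ProcessId"])
        chain.append(image_name(cur))
    return chain


def triage(events):
    """Return (ProcessId, disposition) for every ordinal-call hit.

    A hit whose ancestry is cmd.exe <- loaddll32.exe is tagged as the sandbox harness
    pattern from the behaviour graph; anything else is left for an analyst.
    """
    hits = []
    for e in events:
        if not suspicious_call_by_ordinal(e):
            continue
        harness = ancestors(events, e)[:2] == ["cmd.exe", "loaddll32.exe"]
        hits.append((e["ProcessId"], "sandbox-harness" if harness else "investigate"))
    return hits


if __name__ == "__main__":
    for pid, disposition in triage(SAMPLE_EVENTS):
        print(pid, disposition)
```

Run against the constructed events, the harness rundll32 (PID 1002) is tagged sandbox-harness and the Office-spawned one (PID 3000) is left to investigate; the cmd.exe event that merely quotes the ordinal, and the named-export rundll32, produce no hit. The ancestry walk stops at the first PID not present in the event set, so on real telemetry feed it the full process-creation log for the host, not just the matching events.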
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2014-05-21 05:10:41 UTC
File Type: PE (Dll)
AV detection: 24 of 43 (55.81%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour:
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Drops file in Windows directory
Unpacked files
SHA256 hash: 9857e40be1fb5b9b6db93dc03f96f6b3ff0ffab85af7944dddcac0e37775ab02
MD5 hash: ffa5f4b6b580d53bc311d6e5bace3110
SHA1 hash: d599ca575b995d8de971aed8a64762225bde386d

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments