TT Malware Log

マルウェア / サイバー攻撃 / 解析技術 に関する個人の調査・研究記録

PlugX (2)

【ブログ】

◆Tracking down the author of the PlugX RAT (Alienvault, 2012/09/13)
http://www.alienvault.com/open-threat-exchange/blog/tracking-down-the-author-of-the-plugx-rat

マルウェア検体のハッシュ】

◆PlugX
MD5: 2ca739538e18ce6f881694d99f6e22e9
SHA1: 88222c4fe9b9af8300b135229ad7b3303c299aab
SHA256: c1c80e237f6fbc2c61b82c3325dd836f3849ca036a28007617e4e27ba2f16c4b
SHA512: efafc12a6078989e31c35332fd8163d063ea37e098e056d9ad30722e9a65d0a1f6ec53051a9794fe83c4fc867c0b7dff1dc58f41a2072942c38b1253e94352c8
SSDEEP: 3072:qua3ds8DIoJtSq1fFPmYejhX1dwfx8Cr7A+35TCZUz2yEM:qua3xDRz1fgYej/dwfeO7AU0Ze2
authentihash: 214d5243ea92511a7d6423812d3ac25a16c4109737fb2c0554dcbb56156e64e1
imphash: 1b003e9291d7665df04b0ac0b5c53701
File Size: 172032 bytes
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
コンパイル日時: 2012/06/17 16:44:58
Debug Path: d:\work\plug4.0(nvsmart)(sxl)\shellcode\shellcode\XPlug.h
File Name: plugx.dll
File Path: C:\DOCUME~1\User\LOCALS~1\Temp\plugx.dll
https://www.virustotal.com/ja/file/c1c80e237f6fbc2c61b82c3325dd836f3849ca036a28007617e4e27ba2f16c4b/analysis/
https://malwr.com/analysis/ZmIwYmMxY2JmNTlhNGIxMWIxMzU1YmZkOTg5ZDYxNjM/
https://www.threatcrowd.org/malware.php?md5=2ca739538e18ce6f881694d99f6e22e9
http://www.isthisfilesafe.com/sha1/88222C4FE9B9AF8300B135229AD7B3303C299AAB_details.aspx
Google 検索

◆PlugX
SHA256: 1a091c2ddf77c37db3274f649c53acfd2a0f14780479344d808d089faa809a
コンパイル日時: 2012/06/17 16:44:58
Debug Path: d:\work\Plug3.0(Gf)UDP\Shell6\Release\Shell6.pdb

◆PlugX
SHA256: 42813b3a43611efebf56239a1200f8fc96cd9f3bac35694b842d9e8b02a
コンパイル日時: 2012/05/26 07:16:08
Debug Path: d:\work\plug4.0(nvsmart)\shellcode\shellcode\XPlug.h

◆PlugX
SHA256: 28762c22b2736ac9728feff579c3256bd5d18bdfbf11b8c00c68d6bd905af5b8
Debug Path: d:\work\plug3.1(icesword)\shellcode\shellcode\XPlug.h
コンパイル日時: 2012/06/14 6:06:00


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2017