PlugX: Bad guy disguises as an msi file
I. Overview

II. Analysis

1. Locate suspicious files

Use msitools to extract the package: msidump -s -t mal.msi. In File.idt, we can see that there are 3 embedded files. These files are extracted to %LOCALAPPDATA%\kjnBsLsJo\:

2024Contact.exe
security.dll
contactDB.dat
...
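A small triage helper for the File.idt that msidump -t writes out, as an added example (not code from the original post): it parses the three-line IDT header, resolves the short|long FileName form, and lists what the installer will drop. The sample File.idt is constructed; only the three file names come from the post, the component names, sizes and sequence numbers are made up.

```python
"""Parse the File table exported by `msidump -s -t` (File.idt) and list the
payloads an MSI drops. Added example; not from the original post."""

# Constructed sample File.idt: tab-separated, three header lines (column names,
# column types, table name + primary key), then one row per embedded file.
# File names are those from the post; sizes and component names are invented.
SAMPLE_FILE_IDT = (
    "File\tComponent_\tFileName\tFileSize\tVersion\tLanguage\tAttributes\tSequence\n"
    "s72\ts72\tl255\ti4\tS72\tS20\tI2\ti2\n"
    "File\tFile\n"
    "f1\tMain\t2024CO~1.EXE|2024Contact.exe\t248832\t\t1033\t512\t1\n"
    "f2\tMain\tsecurity.dll\t61440\t\t1033\t512\t2\n"
    "f3\tMain\tCONTAC~1.DAT|contactDB.dat\t917504\t\t\t512\t3\n"
)


def parse_idt(text):
    """Return (table_name, key_columns, rows); rows are dicts keyed by column."""
    lines = text.rstrip("\n").split("\n")
    if len(lines) < 3:
        raise ValueError("IDT file needs three header lines")
    cols = lines[0].split("\t")
    types = lines[1].split("\t")
    if len(types) != len(cols):
        raise ValueError("column/type count mismatch in IDT header")
    header3 = lines[2].split("\t")
    table, keys = header3[0], header3[1:]
    rows = []
    for ln in lines[3:]:
        if not ln:
            continue  # tolerate blank trailing lines
        vals = ln.split("\t")
        if len(vals) != len(cols):
            raise ValueError(f"row has {len(vals)} fields, expected {len(cols)}")
        rows.append(dict(zip(cols, vals)))
    return table, keys, rows


def long_name(filename):
    """FileName may be 'SHORT~1.EXT|long name.ext'; prefer the long form."""
    return filename.split("|", 1)[1] if "|" in filename else filename


def embedded_files(text):
    """List (long name, size, sequence) per file, in install-sequence order."""
    table, _, rows = parse_idt(text)
    if table != "File":
        raise ValueError(f"expected the File table, got {table!r}")
    out = [(long_name(r["FileName"]), int(r["FileSize"] or 0), int(r["Sequence"]))
           for r in rows]
    return sorted(out, key=lambda t: t[2])
```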
Mar 14, 2025

