[QuickNote] Another nice PlugX sample

Sample information shared by Johann Aydinbas (@jaydinbas):

Sample hash: 2025427bba36b48e827a61116321bbe6b00d77d3fd35d552f72e052eb88948e0

Download here!

Details of this sample are shown below:

Pseudocode of Mc.exe’s mw_load_and_exec_McUtil_dll_code function:

The pseudocode of the plx_patching_func function of McUtil.dll, which performs the code patching:

The pseudocode of the plx_read_Mc_cp_content_and_exec function of McUtil.dll, which performs the task of reading the entire contents of Mc.cp […]

Article Link: [QuickNote] Another nice PlugX sample | 0day in {REA_TEAM}