Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
  • submitted
    12-10-2023 13:18

General

  • Target

    49c9dfce83f63c77a6a8fbea5e03ee781751fed6306c7fdb4cf8659694244b30.exe

  • Size

    129KB

  • MD5

    20254b00201935884467b6384d6f6508

  • SHA1

    6b40dba991a559613e73eb4e1ee0e2a2dd5fbf4f

  • SHA256

    49c9dfce83f63c77a6a8fbea5e03ee781751fed6306c7fdb4cf8659694244b30

  • SHA512

    a50889e03694d1d418ede40b7ea26541948a5bc7bdf90e2e0a0a0bc71fcbc548aa55d62fa898ef837c8defb01be26a34fe9060979b041fb95ec290dbdb5e293e

  • SSDEEP

    3072:zJp3XXTwGouKRZzFPk2I111KYTI1Uk16R86:FpHXroXHMzTy1o

Score
10/10

Malware Config

Signatures

  • Detected Ploutus loader (1 IoC)
  • Ploutus

    Ploutus is an ATM malware written in C#.

Processes

  • C:\Users\Admin\AppData\Local\Temp\49c9dfce83f63c77a6a8fbea5e03ee781751fed6306c7fdb4cf8659694244b30.exe
    "C:\Users\Admin\AppData\Local\Temp\49c9dfce83f63c77a6a8fbea5e03ee781751fed6306c7fdb4cf8659694244b30.exe"
    PID:2180

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2180-0-0x0000000000CA0000-0x0000000000CC4000-memory.dmp

      Filesize

      144KB

    • memory/2180-1-0x0000000000CA0000-0x0000000000CC4000-memory.dmp

      Filesize

      144KB