ploutus | a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983

General

Target

a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
Size

3.1MB
MD5

7dce839b7c21809203977d1f8e43652e
SHA1

97682e8ed74f6d72d651ca7b20538750fa888fe5
SHA256

a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983
SHA512

551a8bf284fcdf3adc600394cedbfcae86124f18176c2716191a997d84c7bc58bb682949b2a40aad3ced1f51e58eea77e98427e8e46cfcbf9131d5dc6b4c9c10
SSDEEP

49152:fYQN8qMwZZp7mPl8aKrz8IgrquVDQPwnXAUW8kB7PBu3OG0vrxUosE:f3drp7Y8lf8I50QP8AUW8U7P4km

Score

10^/10

ploutus atm backdoor

Malware Config

Signatures

Detected Ploutus loader 16 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3324-3-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-10-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-11-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-13-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-16-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-18-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-19-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-20-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-21-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-22-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-23-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-24-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-25-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-26-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-27-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus
behavioral2/memory/3324-28-0x00000000007F0000-0x000000000136A000-memory.dmp	family_ploutus

Ploutus
Ploutus is an ATM malware written in C#.
backdoor atm ploutus

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

Processes:

a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe

pid	process
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
3324	a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe

pid process

3324 a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe

C:\Users\Admin\AppData\Local\Temp\a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
"C:\Users\Admin\AppData\Local\Temp\a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:3324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3324-0-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-1-0x000000007F940000-0x000000007FD11000-memory.dmp

Filesize
3.8MB

Download
memory/3324-2-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/3324-3-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-4-0x0000000007140000-0x00000000076E4000-memory.dmp

Filesize
5.6MB

Download
memory/3324-5-0x0000000006B90000-0x0000000006C22000-memory.dmp

Filesize
584KB

Download
memory/3324-6-0x0000000006C30000-0x0000000006C96000-memory.dmp

Filesize
408KB

Download
memory/3324-7-0x0000000006D50000-0x0000000006D60000-memory.dmp

Filesize
64KB

Download
memory/3324-8-0x0000000007030000-0x000000000703A000-memory.dmp

Filesize
40KB

Download
memory/3324-9-0x0000000006D50000-0x0000000006D60000-memory.dmp

Filesize
64KB

Download
memory/3324-10-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-11-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-12-0x000000007F940000-0x000000007FD11000-memory.dmp

Filesize
3.8MB

Download
memory/3324-13-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-14-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/3324-15-0x0000000006D50000-0x0000000006D60000-memory.dmp

Filesize
64KB

Download
memory/3324-16-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-17-0x0000000006D50000-0x0000000006D60000-memory.dmp

Filesize
64KB

Download
memory/3324-18-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-19-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-20-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-21-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-22-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-23-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-24-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-25-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-26-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-27-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download
memory/3324-28-0x00000000007F0000-0x000000000136A000-memory.dmp

Filesize
11.5MB

Download

Analysis

Sharing