ploutus | 5341b3921b75549adbe59365517c30bd045e63162728d9ba48f79832fea1bea0

Sharing

Copy URL

Twitter E-mail

General

Target

729a7bf23d64052ca1bde881bc9813af
Size

2.2MB
Sample

240124-vxb3lsecfl
MD5

729a7bf23d64052ca1bde881bc9813af
SHA1

c48d1519c05088b9dc4b0af6da71aefaabddcd91
SHA256

5341b3921b75549adbe59365517c30bd045e63162728d9ba48f79832fea1bea0
SHA512

32c9966ab4d522876384ccd355585a5940ac06580faf036fcd9f5d1b7f21eef98ee77c18c57ab86ee460d41114868b6f95ef8bae7de299b4d4235c61af551d61
SSDEEP

49152:JladY2vgqH0OKj06nL6IDZdkYk8vauvM8s2N8rQYKwddARZkrdi/:Wr0txL6INnkeaMOVSceHkk/

Score

10^/10

ploutus

Malware Config

Targets

- Target
  
  729a7bf23d64052ca1bde881bc9813af
- Size
  
  2.2MB
- MD5
  
  729a7bf23d64052ca1bde881bc9813af
- SHA1
  
  c48d1519c05088b9dc4b0af6da71aefaabddcd91
- SHA256
  
  5341b3921b75549adbe59365517c30bd045e63162728d9ba48f79832fea1bea0
- SHA512
  
  32c9966ab4d522876384ccd355585a5940ac06580faf036fcd9f5d1b7f21eef98ee77c18c57ab86ee460d41114868b6f95ef8bae7de299b4d4235c61af551d61
- SSDEEP
  
  49152:JladY2vgqH0OKj06nL6IDZdkYk8vauvM8s2N8rQYKwddARZkrdi/:Wr0txL6INnkeaMOVSceHkk/
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/OCSetupHlp.dll
- Size
  
  438KB
- MD5
  
  9e1fe7b0eb75814578f900ae56995e92
- SHA1
  
  f5100e25ca3953862983fbc7a711e21df2e16b9f
- SHA256
  
  abb8fbe643a37ba41c0e753a5c35dd38ed74f38f21112a9c57a6206fcb6cf66e
- SHA512
  
  88bb1586fe61c64b39f28a315bcd22b03a0b981c71a7dcf58d5d5a6288a3c1dd29b14f2512b01fbdc6b2348e71cb5e16189978b74d32afeb78411942afa44c9c
- SSDEEP
  
  6144:Nyyy1K4KiB8K5G8xG+rdXpTvtoEk/xSj7oJEsfcFZP4A5lT65NCrcvLmffJx:N7sNxG+rdXpTtPkJS0E4A5J6NGff
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/SimpleSC.dll
- Size
  
  59KB
- MD5
  
  52aaf305fba84b5107c453424df1864e
- SHA1
  
  9887f4bd7458e1a7724b90256c073492843841a7
- SHA256
  
  f41f1173b9d367bb6a085ff0b19d1273fc0b7dad32fedbb69b07240cfc9950c8
- SHA512
  
  9a05e7a2f62956bc46d2257496256606f40e7e78ca6199a80f5945f609e4c049a92c03d7b44d301a854a0bce32ff100ff6aa2b66d4fed649c2d90de95875dced
- SSDEEP
  
  1536:E/qXv1si+Xsp9MNfPTM+Ov01p4f4fx+QxA:rv1EXZBPkvX4x+Qx
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  13KB
- MD5
  
  7f56c0d6a8733dec142814ed5a58b0ee
- SHA1
  
  c119e66f179cfb758966f3cf878466057bea1840
- SHA256
  
  86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f
- SHA512
  
  8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3
- SSDEEP
  
  384:d/lNMKbnRWKYyCvDvQH3yBf/qPNGkVWYyLrcMf9VQ8c:d/lq+RDYJf/qPNGkQ5LrcCQ
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10
behavioral13 behavioral14
- Target
  
  $TEMP/ConnectifyShutdown.exe
- Size
  
  106KB
- MD5
  
  6e95adb1c3ac873838673214c2caaa57
- SHA1
  
  cc6880b9221d452551ddf192445896c210549aa8
- SHA256
  
  9754e9d8447fb41699f750c6955cacdd3db48539860dd8a8bf1998fefd4cc5bb
- SHA512
  
  728a0064dbea24880efaee1f50423fa95860f5c128e4bc65a7297e9146212742d54f95e7c54eb74eac244a8d38e904dae787f66b91844243ae238345973c0806
- SSDEEP
  
  1536:Q1XZVbCBFQkxuuqqqqqqqqqqqqqqo8F7PvL8nxEZXM0MaVPrOi5:Q1XzIQkxlqqqqqqqqqqqqqqKVaVP3
Score

1^/10
behavioral15 behavioral16
- Target
  
  BuildProps.dll
- Size
  
  14KB
- MD5
  
  38db5030ddd6e20f3e0b9322a20820d8
- SHA1
  
  ac0bf7b30855394ce7fc3a80ed6b8f529afd0507
- SHA256
  
  c16593e5c245dafc2d4cec572f7c26205a2ab4a19904cefafd1056370ea55797
- SHA512
  
  9b8150849993be9eab796131e6f72a124130cea42c276cdd97b0acc10840ff9744291b349783952b4354d18ee8f82a58e94f7fe2ddc0753eaab6ec54f7b03402
- SSDEEP
  
  192:GcteCw5RBXjfdcZMQG6hyowJL/eRoeuJafjMNfzg54X8jSJUbueqS/F:eZfyZMQGmYJLea8oNE54XdUb+2
Score

1^/10
behavioral17 behavioral18
- Target
  
  ConnUPnP.dll
- Size
  
  30KB
- MD5
  
  e9c88808778dc97d319009b94acc4c31
- SHA1
  
  45ebaf95a7b82e45dffcc4145a815cf1ad3d477d
- SHA256
  
  fc7a054c2b2b7c17b3b1047c16fe61ddb0882bf304271528970cb6b51896ab44
- SHA512
  
  cf02a9fb19863b5357eb45fa0e2508a725ba8b9d070fd8669b0b90fbcada0ed3e7a167d91a177550a3c1458be3ec94730600357f249b796feb85b09d29d05a2f
- SSDEEP
  
  384:bipOximMVF4B2YOCgEojndvXiRvY5ApnQdNBpQdu3sX8rILCaOeYJLea8oNE54Xa:Lo9Cg5ndvXiRwDOduC8UuaOnLCiw
Score

1^/10
behavioral19 behavioral20
- Target
  
  Connectify.exe
- Size
  
  1.3MB
- MD5
  
  b05b39eaf75a2bf3b7a48de21ec53bf2
- SHA1
  
  246859e734f9bef2af407ff68edb0083db8cb6d8
- SHA256
  
  dfa9801d4bd605daeca0c170b27a5ca9fe6a062db7dd14390b59a5facd15e1dd
- SHA512
  
  c16c076890eef5e7217e3493513cd707c5a98ef6a18aa950212ba428a1fa4a9b85f336d1e9bf98540dff11286fc3cc9b22eca25ec8740aeaf8ac68d0f1c2b837
- SSDEEP
  
  12288:G6hgH2p/dQmKaUQKaUDpFwYBzKgKfLu/GwKaUd:G6hgS/CmjLjWpGYJKgaLuHjk
Score

6^/10
- Drops desktop.ini file(s)
behavioral21 behavioral22
- Target
  
  ConnectifyNAT.dll
- Size
  
  288KB
- MD5
  
  d1e979c80f3a75fdab05462dad383bc3
- SHA1
  
  e8ef2c8fe5b45888020dce862dd4c7ae59c0be20
- SHA256
  
  9bfaa78a288f894ead9bbe616b24c777c5da76ffbc9ed03aa3d8e4a3c954ffe7
- SHA512
  
  ff2a2970988b7abf4563b94908a355d49720e993750807ee64b7f0439c0f1dfdf6aa0cea5323594ecf3f8094698408f02d665118b1c8710643afecf61f258a65
- SSDEEP
  
  6144:Tj9PE42T+v4PlM+IsRb+q1jrdVrNGZam0Z4Ocy:piaq1j9o90Zlp
Score

1^/10
behavioral23 behavioral24
- Target
  
  ConnectifyNetServices.exe
- Size
  
  342KB
- MD5
  
  e890111ffa233f8b112da1f053b133c2
- SHA1
  
  edc9230fc806e3b92ac4e493251dc7c1fd7c9110
- SHA256
  
  d729d96d72670e06e38a856e4e0744fe4bc3e133f2d02218fd668432dd37d3ee
- SHA512
  
  24f55ce4f25437056c2ed1e2177ca0e3d29a4534ab0063ed3b1e345b0eabe3cc3655b59249f9b0df8e16925707a22e0898b783d126c48f3f0717eb318e7c68b1
- SSDEEP
  
  6144:jyYKl19x4hqiICRHZrgi4egLdDj+teRNgWZtshrL:jWVFi4tpysRlsh/
Score

1^/10
behavioral25 behavioral26
- Target
  
  Connectifyd.exe
- Size
  
  872KB
- MD5
  
  e38295793ef7a30857c2ef9026aa7f75
- SHA1
  
  44bda8643d79fdada41b830885ebfdc83a26f4fb
- SHA256
  
  431282581da00b8b4e624f539b327d3d9d06c2d6c19b819ec495fffcef46d81b
- SHA512
  
  749a35c2610f502f04ee7ec49eddb7d159b13cf7764736c515803be58f605632b0fa32abddd83ac79ebeeec8457ae1c6e87623fa9c772d88aa1e28b583c96d8b
- SSDEEP
  
  24576:B8kB52Iy5LDujoJi48PR5HQ6Z2Ls8my9iwigs:B8kB52Iy5LDujoJi48PR5HQ6Z2Ls8myq
Score

1^/10
behavioral27 behavioral28
- Target
  
  DriverLib.dll
- Size
  
  22KB
- MD5
  
  ca6b745157ad28955f5a988a10cd93f5
- SHA1
  
  289d0afd961d4c579cf85aeb20961531adb31d0d
- SHA256
  
  a81ea08c9952d61be170f19eb7922887ec1ec798cd43b95f4e7b5e8cdcdeaea8
- SHA512
  
  e8aedfacf304c459a43367d706cfcfc6a740c933ce4ba4fb01cb84f125826eb7ecac093d2d99622fab410fd12e387be6293230f5c03087624e83f7fb857d83a8
- SSDEEP
  
  384:SHRajxnG7aKcPhQhXfFvxQCqsLbhrBzDQVK9zyqnV3fYJLea8oNE54XdUb+j:SHRajxnNKcP67hVT9zyqV3uLCij
Score

1^/10
behavioral29 behavioral30
- Target
  
  HardwareHelperLib.dll
- Size
  
  20KB
- MD5
  
  ddecc64b70b823b7c2ed9b9bc62d8406
- SHA1
  
  ce76c27d93500baebe90e71ef1a1cde8019f4ce4
- SHA256
  
  5dd84bb0b241293f5750ed5968f1c3639fcf515420c831342b46dda466119ae3
- SHA512
  
  1b96f3976d382fffcee8e2dc6df9f18fa0c364138808d9be60e7ddf9cf9a8939348f60e4fb92e20e2a88620df1d9db5f21db422aedb823865f1caa43e776ff6d
- SSDEEP
  
  384:0QN8W7pcq84rfwU5kBeGTIbyYJLea8oNE54XdUb+V:RNpcqrrfwU5O1snLCiV
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32