ploutus | b8ccfc220cde07a822d11b6aa0070c8a532d5fea1ae63b921fe4dbf8d55706ba | Triage

Submit
Reports

Overview

overview

Static

static

3

TS 5.17.5/...up.msi

windows10-2004-x64

TS 5.17.5/setup.exe

windows10-2004-x64

7

Sharing

General

Target

TS 5.17.5.zip
Size

118.6MB
Sample

240201-nd4j7abhe8
MD5

f61364e7841718e940e6b5d9bc729c27
SHA1

cb6413e2f459d9bab9094df0bec4b17e7d0992ea
SHA256

b8ccfc220cde07a822d11b6aa0070c8a532d5fea1ae63b921fe4dbf8d55706ba
SHA512

6ea06bc8129a85b9391a8be80295a39379009a9bf5826d64534e51371009427bcf223d81fe5f8e134f7fb5bd705a792dd2006670fe316bf8411d918e385d9718
SSDEEP

3145728:EHF3jY4Jp2MN2fF+5KcD6/YogjsrLTsXH8KXGM5CN6L:EJt0MN2tKKce/YoNHTs38KXuS

Score

10^/10

ploutus atm backdoor

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TS 5.17.5/TS Setup.msi

Resource

win10v2004-20231215-en

ploutus atm backdoor

windows10-2004-x64

15 signatures

600 seconds

Behavioral task

behavioral2

Sample

TS 5.17.5/setup.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

600 seconds

Malware Config

Targets

- Target
  
  TS 5.17.5/TS Setup.msi
- Size
  
  119.6MB
- MD5
  
  762693a76e48c511441139a32e1b0afe
- SHA1
  
  3d8bac6a67b71d52f4a2bf547e7140297fa61dc9
- SHA256
  
  fdd43450dd4fbb4401851aa82f46b392e2e6d721a456db2eedafe566de6d7c7f
- SHA512
  
  48d4a6c039392534f021d45e6fdca287270599ef985555add06a8b3e12cd6279d9a01b33355e87bf794561741dca585302ef70fa5ebca0a9cdfbf2bb76ada4a4
- SSDEEP
  
  3145728:n57bFe0N9sOVo+N+/k++ODv87wtE1ODuaoIZ4DwiuJou:n15yOVoiyk9Qv8MtIQuaL4Dwz
Score

10^/10

ploutus atm backdoor
- Detected Ploutus loader
- Ploutus
  Ploutus is an ATM malware written in C#.
  backdoor atm ploutus
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1
- Target
  
  TS 5.17.5/setup.exe
- Size
  
  519KB
- MD5
  
  8f343990917e9436f243b013b5f8d1c1
- SHA1
  
  adc2000eb4cc2b7f3b4b4ccc5248ea929c0bf8eb
- SHA256
  
  cddccb68e072dcc325d12ea9c6bfe54a7cf55f8a7ac954e2e8ed48dda6fa0276
- SHA512
  
  ad0253737b149c1949e6c5fa1234ce72931c6d02ba96bb40bca8a22c896ef93e8bf1b2ac6fc7bcb454842bb4fd188d35e43e3763d0631aa5532d8395bdad33d5
- SSDEEP
  
  12288:fDPdsil5fCMggBIiMVO26kk+FGSeMb01JQntLOCVWU:fD1s2ts96kTNemV
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ploutusatmbackdoor

behavioral2

© 2018-2024

Terms | Privacy