Overview

overview

10

Static

static

1

TS Setup.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TS Setup.msi

  • Size

    119.6MB

  • Sample

    240214-em75asge6z

  • MD5

    762693a76e48c511441139a32e1b0afe

  • SHA1

    3d8bac6a67b71d52f4a2bf547e7140297fa61dc9

  • SHA256

    fdd43450dd4fbb4401851aa82f46b392e2e6d721a456db2eedafe566de6d7c7f

  • SHA512

    48d4a6c039392534f021d45e6fdca287270599ef985555add06a8b3e12cd6279d9a01b33355e87bf794561741dca585302ef70fa5ebca0a9cdfbf2bb76ada4a4

  • SSDEEP

    3145728:n57bFe0N9sOVo+N+/k++ODv87wtE1ODuaoIZ4DwiuJou:n15yOVoiyk9Qv8MtIQuaL4Dwz

Score
10/10
ploutusatmbackdoor

Malware Config

Targets

    • Target

      TS Setup.msi

    • Size

      119.6MB

    • MD5

      762693a76e48c511441139a32e1b0afe

    • SHA1

      3d8bac6a67b71d52f4a2bf547e7140297fa61dc9

    • SHA256

      fdd43450dd4fbb4401851aa82f46b392e2e6d721a456db2eedafe566de6d7c7f

    • SHA512

      48d4a6c039392534f021d45e6fdca287270599ef985555add06a8b3e12cd6279d9a01b33355e87bf794561741dca585302ef70fa5ebca0a9cdfbf2bb76ada4a4

    • SSDEEP

      3145728:n57bFe0N9sOVo+N+/k++ODv87wtE1ODuaoIZ4DwiuJou:n15yOVoiyk9Qv8MtIQuaL4Dwz

    Score
    10/10
    ploutusatmbackdoor

    • Detected Ploutus loader

    • Ploutus

      Ploutus is an ATM malware written in C#.

      backdooratmploutus

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks