Overview

overview

10

Static

static

10

cc552bed96...e1.exe

windows7-x64

10

cc552bed96...e1.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

PaintDotNet.Base.dll

windows7-x64

1

PaintDotNet.Base.dll

windows10-2004-x64

1

PaintDotNet.Core.dll

windows7-x64

1

PaintDotNet.Core.dll

windows10-2004-x64

1

PaintDotNet.Data.dll

windows7-x64

1

PaintDotNet.Data.dll

windows10-2004-x64

1

PaintDotNe...rk.dll

windows7-x64

1

PaintDotNe...rk.dll

windows10-2004-x64

1

PaintDotNe...es.dll

windows7-x64

1

PaintDotNe...es.dll

windows10-2004-x64

1

PaintDotNe...er.dll

windows7-x64

1

PaintDotNe...er.dll

windows10-2004-x64

1

PaintDotNet.exe

windows7-x64

1

PaintDotNet.exe

windows10-2004-x64

1

PaintDotNet_x64.msi

windows7-x64

6

PaintDotNet_x64.msi

windows10-2004-x64

6

PaintDotNet_x86.msi

windows7-x64

6

PaintDotNet_x86.msi

windows10-2004-x64

6

SetupFrontEnd.exe

windows7-x64

1

SetupFrontEnd.exe

windows10-2004-x64

1

SetupShim.exe

windows7-x64

1

SetupShim.exe

windows10-2004-x64

1

System.Buffers.dll

windows7-x64

1

System.Buffers.dll

windows10-2004-x64

1

System.Col...le.dll

windows7-x64

1

System.Col...le.dll

windows10-2004-x64

1

System.Memory.dll

windows7-x64

1

System.Memory.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc552bed9629fe4d9f2d6d60120bc8e1

  • Size

    12.3MB

  • Sample

    240315-y2mxfsad3v

  • MD5

    cc552bed9629fe4d9f2d6d60120bc8e1

  • SHA1

    bd12a0c8718bef907b1226ea6eca62a50390b401

  • SHA256

    c4cdaa6cfc97a3ba8c70fe676cbcf5fa2280a616aad83b51f587d57f1764e7e0

  • SHA512

    eb3c782030d156976fd13998e2865f22b4ccbf6fb4b319cde2f9de62bb4710e0720f539422537cc6bf38a2dca9e3be323478ae5d074943747330a059f5ec6f06

  • SSDEEP

    196608:tZM0TgSLy5FaaOik2eYqZA4nKfBzmsvC48+BWCamEjunhAu8YYDEYJbO:ty0TgAy5Be9A4+BjCT+Gn+hAuzqBO

Score
10/10
metasploitploutusbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

10.10.14.49:443

Targets

    • Target

      cc552bed9629fe4d9f2d6d60120bc8e1

    • Size

      12.3MB

    • MD5

      cc552bed9629fe4d9f2d6d60120bc8e1

    • SHA1

      bd12a0c8718bef907b1226ea6eca62a50390b401

    • SHA256

      c4cdaa6cfc97a3ba8c70fe676cbcf5fa2280a616aad83b51f587d57f1764e7e0

    • SHA512

      eb3c782030d156976fd13998e2865f22b4ccbf6fb4b319cde2f9de62bb4710e0720f539422537cc6bf38a2dca9e3be323478ae5d074943747330a059f5ec6f06

    • SSDEEP

      196608:tZM0TgSLy5FaaOik2eYqZA4nKfBzmsvC48+BWCamEjunhAu8YYDEYJbO:ty0TgAy5Be9A4+BjCT+Gn+hAuzqBO

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      56a321bd011112ec5d8a32b2f6fd3231

    • SHA1

      df20e3a35a1636de64df5290ae5e4e7572447f78

    • SHA256

      bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

    • SHA512

      5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

    • SSDEEP

      192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8

    Score
    3/10
    behavioral3behavioral4

    • Target

      PaintDotNet.Base.dll

    • Size

      2.0MB

    • MD5

      058c85ddd615bc066afd28e96dc7df2d

    • SHA1

      8c77a0d44dc4dcec978b03e9f17c2eb24728cabe

    • SHA256

      13dee83925a48aebbb71285d44b168798eb016cb264a1fefef01aa0a4de734ab

    • SHA512

      67f4b89f5b7def6af05d8483d812152c2297107ec41aced7fb80535729bb64f0a91beb98bacde2f1e8171ae5acad72b7f29584bbe7e71ccf3d58d7bc4ac781c3

    • SSDEEP

      24576:aODoRcfnOqhlKcUv2uvXV5wFo2OBh/we055RSrIuagKRrNmNjbLCBTO8vMzle7FY:aGA732CpwzQRAaz5jkW

    Score
    1/10
    behavioral5behavioral6

    • Target

      PaintDotNet.Core.dll

    • Size

      941KB

    • MD5

      cd3f316acee9b1c1cf93ef25dbfdf2f8

    • SHA1

      80c2167463f7978919bce803af173ae9dc13f335

    • SHA256

      6fd76d8163789eb98c0a10bdb729f5e98a8cb2ef17e7d0727b981c48c829ae5c

    • SHA512

      b716ab53505264f9a6c1b37e690fbdf67fbd9ffe41e9b005fd95b28f2de8dfc97288d15c085a3538d1aa352bd79faff9e04fcbfdd2fe57aaf96b68040884a10d

    • SSDEEP

      12288:7HX9J69H3/wLM4ZyEBQCixA/SlEQGhpNsU8U/eeUxKnAjonxY8:z9J69H3/HMQVA/rQG/eKAjoa8

    Score
    1/10
    behavioral7behavioral8

    • Target

      PaintDotNet.Data.dll

    • Size

      110KB

    • MD5

      faa007f8868711b989ba62b72af7ca14

    • SHA1

      f6a0f6a33eae828705c418785a3bfdc3c1179cb0

    • SHA256

      ae2cad3e70ad12edf8ee1ea851a1dcb43ea716503f26401e22c78c4dd9c761f1

    • SHA512

      42cf32dc5ea6647453d767e76dbd70f5123915f7ad519664bb5775b53aa92c5a1c0045deb62bee4d5e077a180c06bf53c4c37d73f49f964fd5b4aa00a2ab704b

    • SSDEEP

      3072:W9TUujmqUuAC4k7CQz6VnxcTwQHzhf1hVsVKqKbJR:W5L73z6Vnx6wMtBtR

    Score
    1/10
    behavioral10behavioral9

    • Target

      PaintDotNet.Framework.dll

    • Size

      461KB

    • MD5

      f0ceb605d486716eb12ccc027d97c1e5

    • SHA1

      ceaccf0d60dd238df33d7bd65973c0572c8cc914

    • SHA256

      26a8a960e390367bc2440645e014201c7c455d06e836c0d173b61716bc232128

    • SHA512

      8e72b93c5d6c5e88fe6597fd2d9c9846a727e9390258b72cfcca502e7567dd033954f4d4e33aa9d9add89e85eb13c5914e37384502d02ef8ca8f28c2f70795fe

    • SSDEEP

      6144:MuGlHALKQhDxhSGdWeB6IkOIes6F8RFfhdsjLSmjKo1nghF1cSP8T93nyPnnnnnC:MZWSG0eB6IkOISFAFyR1k8T93nJrL

    Score
    1/10
    behavioral11behavioral12

    • Target

      PaintDotNet.Resources.dll

    • Size

      995KB

    • MD5

      db4bc78d81f82115a7fc24c7854f1af5

    • SHA1

      68feaae29b72b6144a506a2de0526703a9767e2a

    • SHA256

      32d1593efaa78f8d61035deb11b4e124af127747daf6e690557e0b44549a6ee1

    • SHA512

      8e8df4507b904e32faa27115010bf33d7aff0bf5d1c13c0f128b8fb406e5ca65bf67a5963bc7ebaec56326501cd78c8f86c7e565798ca04f4fb3673bbdfabcd2

    • SSDEEP

      24576:PtkAB6N6vkMKJFWVaLgJTsS5Uu9F7iddvl0CI0zY3lawY1:PtkAQ4vkMIFW2ygeUu32rzI00S

    Score
    1/10
    behavioral13behavioral14

    • Target

      PaintDotNet.SystemLayer.dll

    • Size

      601KB

    • MD5

      9d66dddd8552e5975397f215ac6081ed

    • SHA1

      11dfe6f9756051b6cf658be7f37ba1ab585e7657

    • SHA256

      cdd3adf86062e0d2e9645e5a657096e584fc79eedff054949796efd800cf1130

    • SHA512

      0c4eada02e0bafe02f2f65d28662263488bee92a769ae8d8a45f5e786da4c30f62656b70138cc159416c14d9cc6cd382c45c4c512422dcbe8b33fb1c8748bc97

    • SSDEEP

      6144:FcE0NwuSQRWtUlm9NB++3P1oVS2K5XymjJzHXumxjnTs/OOmrOWDPSWW9cJbDLRO:ONrm9N809oVqhJz+UTsmOmrdDjqXtOMH

    Score
    1/10
    behavioral15behavioral16

    • Target

      PaintDotNet.exe

    • Size

      2.0MB

    • MD5

      da11080e76aa6f6ddaf949dacdf91695

    • SHA1

      17739eade33984b9f7728c9e8014f4cb7d09f98f

    • SHA256

      e1db30ca7b39d386225b19be53bbf045247c0565072024c9fae2457f256c8a85

    • SHA512

      7a13913fd3e28fe1642a439e9a4d9cb5516bce6fd0068aeecb29af1000b98a70fd02e4cc103aed3f3831c75fbb2d73b9027fbc80daf56c469c76e90861afb41a

    • SSDEEP

      24576:J/HykHxgVwLB5ziKE+t6LR15OXdvJd2C5O49e5wY8hh:dwcBxiKET4bd2C5f

    Score
    1/10
    behavioral17behavioral18

    • Target

      PaintDotNet_x64.msi

    • Size

      56.2MB

    • MD5

      b8ddb9faed245ef388db48364cab8fe7

    • SHA1

      515a8742c7d9163e717d4588a2654896923012fb

    • SHA256

      aa0b8df129122d767a7f711a0bd7a5fc838d2acad09f6890dcd209cf875973be

    • SHA512

      8324fcc465be44f47fa4bffece7195b31af45c19df30c57c4e0387841ef351ceb3dba06e6aa0ba66872cbd5bc06431512f7ffdad5b366e47b5261b95df96a621

    • SSDEEP

      393216:d7wMnozGuRlM7PZiKXOqCdALhOhuo6km1YvjcMpE9BiS+mFESSbQSnHtDTLu5ZWE:d79MnIiKH8nu63pbH4OO

    Score
    6/10

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral19behavioral20

    • Target

      PaintDotNet_x86.msi

    • Size

      56.2MB

    • MD5

      ec6bf9b6cfb60286994910fb8363ee5c

    • SHA1

      bc65389e57575b2f831280c9bf8880ae98a0709c

    • SHA256

      9a9f3f78a7288f24093c9ecdd9499b03fb660c66383d46bcba4e74b2b7cac714

    • SHA512

      136dba7818d0c3e40ab13ecc3625d72a9850fd19c83b9e20c1075e40e375e2b79b7b172ad2d3d3fc7f9355af4da1625a7bb1cc37b80bb6e81730084823e525cb

    • SSDEEP

      393216:l7MMnozGuRlM7PZiKXOqCdALhOhuo6km1YvjcMpE9BiS+mFESSbQSnHtDTLu5ZWE:l75MnIiKH8nu63pbH4OO

    Score
    6/10

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral21behavioral22

    • Target

      SetupFrontEnd.exe

    • Size

      89KB

    • MD5

      86547d7bff541e04d5a31db85efe627c

    • SHA1

      7e61f64a38ccaa9c17e7c2559bc106c042081cba

    • SHA256

      3de2570125fba893091f0a5bc557524fe53cf8d35a0f36a66562a29f6d68be98

    • SHA512

      8bfa86e0fee1b2e56c39ca5d73f48178daa6742d755b0084253f25062f5877aff80aa2e3150897cc6fc7c1ac1cd8705c8d1a7647094b8c650565791cfba9fb5c

    • SSDEEP

      1536:HvQBk8mSlzR8thiQCeEYwx22eMOZ5caNpHn60ajITWEnSBcoooCH/Xjtx1KhQLhu:PQgjtMQ3ww/Xjtx1KmQgWH9JPQLz6cw3

    Score
    1/10
    behavioral23behavioral24

    • Target

      SetupShim.exe

    • Size

      134KB

    • MD5

      6d683c23bab272e6aa3b41167d3cafd3

    • SHA1

      1738b9242401846d40be6814d08d6d969aa15394

    • SHA256

      7abea50aecce1c28c6312c6554dce3d72165b902241fa3a2b6d3fc09117b57ef

    • SHA512

      01818bde9490336914d2190cb9c98ce630fb3eb38634c5d231ba027e6e8b4f0d8fc1554c1094bcf669bdd01e02a98d558c7f73f3ea38b391fab0d3d608d9269b

    • SSDEEP

      3072:CIxhlOHEbzW5vMlS6NUX1qo4BE/9ugl+IHhrE90JGsfTyIBvzoTEVhY9HqqXf5I:sHEbzWajik9BEJBr5fTPjwKKxI

    Score
    1/10
    behavioral25behavioral26

    • Target

      System.Buffers.dll

    • Size

      20KB

    • MD5

      ecdfe8ede869d2ccc6bf99981ea96400

    • SHA1

      2f410a0396bc148ed533ad49b6415fb58dd4d641

    • SHA256

      accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

    • SHA512

      5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

    • SSDEEP

      384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e

    Score
    1/10
    behavioral27behavioral28

    • Target

      System.Collections.Immutable.dll

    • Size

      175KB

    • MD5

      8f55c22412f7d448d6e7b83102665368

    • SHA1

      88df86ee0b137992af15a35825804274fa252e30

    • SHA256

      67730917b4e856e37a9d78245527584087fac6b20a7377677b2f444cd15db918

    • SHA512

      058431aa2280511b00a72ea55ded9bdaef55420f5bce10c9352d4f92736a11884d1e70706016b988cca560358b3b43ce1bad5c9bd726f11d8ad66e3c91f98ccb

    • SSDEEP

      3072:gUbJLl+WMe7FJ02NPhVN0T2rcoNXvUJ4C0jucx2ejoVjM4xT56pL:gUVMWNvrxUJ4CDcY5G

    Score
    1/10
    behavioral29behavioral30

    • Target

      System.Memory.dll

    • Size

      137KB

    • MD5

      6fb95a357a3f7e88ade5c1629e2801f8

    • SHA1

      19bf79600b716523b5317b9a7b68760ae5d55741

    • SHA256

      8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7

    • SHA512

      293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0

    • SSDEEP

      3072:IUGrszKKLBFa9DvrJGeesIf3afNs2AldfI:jBFd3/aFs2

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

ploutus
Score
10/10

behavioral1

metasploitbackdoortrojan
Score
10/10

behavioral2

metasploitbackdoortrojan
Score
10/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
6/10

behavioral20

Score
6/10

behavioral21

Score
6/10

behavioral22

Score
6/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10