Behavioral task: behavioral1
  Sample: ecf541ab4a6edcb60c3ea5efa68f0da05a9fed20cc38ab3fdaa6bbc97920ae1f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ecf541ab4a6edcb60c3ea5efa68f0da05a9fed20cc38ab3fdaa6bbc97920ae1f.exe
  Resource: win10v2004-20240226-en
General
  Target: ecf541ab4a6edcb60c3ea5efa68f0da05a9fed20cc38ab3fdaa6bbc97920ae1f
  Size: 2.7MB
  MD5: f9c17ae4429f8627a9802a3132612ec2
  SHA1: c3d89f8d8519aa83935dd6262b767e6258248dea
  SHA256: ecf541ab4a6edcb60c3ea5efa68f0da05a9fed20cc38ab3fdaa6bbc97920ae1f
  SHA512: 86886873ac900e647ee0ea37c3cf61b9397c5de2ea9b46d985399cf87e7e1360d4ce971c8e37b44bbb355d7c439ec75a2f004601516ddcda4b49e973fbfb7e8f
  SSDEEP: 24576:mLsn9+gS6uHk1U4iy+hzy3cHoORwqetii6hsuiWwIkNFIjQSc:VLS6uH8UzyHiohbyR
Malware Config: (none listed)
Signatures
  Detected Ploutus loader (1 IoC)
    yara_rule: sample matches family_ploutus (Ploutus family)
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: ecf541ab4a6edcb60c3ea5efa68f0da05a9fed20cc38ab3fdaa6bbc97920ae1f
Files
  ecf541ab4a6edcb60c3ea5efa68f0da05a9fed20cc38ab3fdaa6bbc97920ae1f.exe (windows:4, windows, x86, arch: x86)
  imphash: f34d5f2d4577ed6d9ceec516c1f5a744
  Note: this imphash is the one produced by any .NET executable whose only native import is mscoree!_CorExeMain, so it identifies the runtime, not this family; do not pivot on it.
Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_NO_SEH
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LARGE_ADDRESS_AWARE
    IMAGE_FILE_32BIT_MACHINE
  Note: HIGH_ENTROPY_VA on an image marked 32BIT_MACHINE is the usual output of Roslyn-built .NET assemblies; it only has an effect if the image ends up in a 64-bit process. DYNAMIC_BASE, NX_COMPAT and NO_SEH are likewise compiler defaults for managed code, not hardening the author chose.
  Imports
    mscoree!_CorExeMain
  Note: a single mscoree import means the real logic is CIL, so the import table says nothing about behaviour; triage the assembly with a .NET decompiler (dnSpy/ILSpy) rather than the native API list.
Sections
  .text   Size: 2.5MB  Virtual size: 2.5MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .rsrc   Size: 175KB  Virtual size: 174KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  .reloc  Size: 512B   Virtual size: 12B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
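The static facts above (DLL and file characteristics, the absence of an embedded Authenticode signature behind the "Unsigned PE" signature, the managed image hinted at by the mscoree import, and the section flags) can all be read from the PE headers without any third-party library. The following script is an added example written for this page, not tooling from the sandbox or from the sample's authors; it parses PE32 headers with the standard `struct` module and reproduces the report's findings. Because the sample itself cannot be embedded here, `build_sample_pe()` constructs a stand-in whose header fields are shaped like the report (section sizes and RVAs are made-up values). Run it with a file path to analyse a real binary.

```python
import struct
import sys

# Flag tables (values from the PE/COFF specification), limited to the flags this report shows.
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
DIR_SECURITY = 4         # data directory holding an embedded Authenticode signature
DIR_COM_DESCRIPTOR = 14  # CLR header; non-empty only in managed (.NET) images


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS header, COFF header, PE32 optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = min(struct.unpack_from("<I", data, opt + 92)[0], 16)
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(n_dirs)]  # (RVA, size)
    security_size = dirs[DIR_SECURITY][1] if n_dirs > DIR_SECURITY else 0
    clr_size = dirs[DIR_COM_DESCRIPTOR][1] if n_dirs > DIR_COM_DESCRIPTOR else 0
    sections = []
    for i in range(nsec):
        (name, vsize, _, rawsize, _, _, _, _, _,
         chars) = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rawsize, "flags": _flags(chars, SECTION_CHARACTERISTICS)})
    return {"machine": machine,
            "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "has_authenticode": security_size > 0,   # embedded signature only; catalog signing not covered
            "is_managed": clr_size > 0,
            "sections": sections}


def triage_findings(info):
    """Reproduce the report's static signatures plus two checks a reviewer adds by hand."""
    out = []
    if not info["has_authenticode"]:
        out.append("Unsigned PE: no embedded Authenticode signature")
    if info["is_managed"]:
        out.append("Managed (.NET) image: expect a single mscoree!_CorExeMain import; analyse the CIL")
    if ("IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA" in info["dll_characteristics"]
            and "IMAGE_FILE_32BIT_MACHINE" in info["file_characteristics"]):
        out.append("HIGH_ENTROPY_VA on a 32-bit image: compiler default, no effect in a 32-bit process")
    for s in info["sections"]:
        if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and "IMAGE_SCN_MEM_WRITE" in s["flags"]:
            out.append(f"{s['name']}: writable and executable section")
    return out


def build_sample_pe():
    """Constructed stand-in: headers shaped like the report, no code, resources or CLR metadata."""
    file_chars = 0x0002 | 0x0020 | 0x0100                  # EXECUTABLE | LARGE_ADDRESS_AWARE | 32BIT_MACHINE
    dll_chars = 0x0020 | 0x0040 | 0x0100 | 0x0400 | 0x8000  # the five flags listed in the report
    sections = [  # name, virtual size, RVA, raw size, raw offset, characteristics (made-up sizes/RVAs)
        (b".text", 0x280000, 0x2000, 0x280000, 0x200, 0x20 | 0x20000000 | 0x40000000),
        (b".rsrc", 0x2B800, 0x284000, 0x2BC00, 0x280200, 0x40 | 0x40000000),
        (b".reloc", 12, 0x2B0000, 512, 0x2ABE00, 0x40 | 0x02000000 | 0x40000000),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                       # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, file_chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                     # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                                       # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_COM_DESCRIPTOR, 0x2008, 0x48)   # CLR header present; security dir left empty
    sec = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, c)
                   for n, vs, va, rs, rp, c in sections)
    return bytes(dos + coff + opt + sec)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    for key, value in info.items():
        print(f"{key}: {value}")
    for finding in triage_findings(info):
        print("finding:", finding)
```

`has_authenticode` only checks for an embedded signature, which is exactly what the sandbox's "Unsigned PE" rule does; a file signed through a Windows catalog would still be reported as unsigned, so confirm with `Get-AuthenticodeSignature` or `signtool verify /a` before treating "unsigned" as evidence on its own.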