General

  • Target

    2024-04-17_f49e304a05be6fb206a6ead8130ae8b6_ekans_eternalromance

  • Size

    63.9MB

  • Sample

    240417-sf8n5sdd32

  • MD5

    f49e304a05be6fb206a6ead8130ae8b6

  • SHA1

    d9bed284d019da309ef9eb21f7dc537b12270c0a

  • SHA256

    22224274b8cae5885476e60705675edb03845d3728ab207fb0ab20dda464e66d

  • SHA512

    66b776a7cc9b3fa08388e4f6b8505451eae1ac197804a68f09d1637d5c029e61d144cff0fbe834203851fcb83011e20fbe2e66c1613de424cc70ed5d1589d3bf

  • SSDEEP

    786432:exS05J4yh46IoWZXoCysKIeHtQj5KYS3WP:eD5JUXoCysKIPQYS3WP
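Before relying on the digests above, a practitioner wants to confirm that the file in hand is the same one the sandbox analysed. The following added example (not part of this report, not the sandbox's code) computes MD5, SHA1, SHA256 and SHA512 in a single streaming pass, which matters for a 63.9MB sample, compares them with the values listed on this page, and cross-checks the MD5 embedded in the target name. The target name convention assumed here is `<date>_<md5>_<tags>`, which is what this page shows; the family tags in the name are submitter-supplied and should be judged against the report's own detections rather than trusted. SSDEEP is not computed because it needs a third-party library; the listed SSDEEP value is kept only for reference.

```python
import hashlib
import io
import re

# Digests listed on this report page for the sample.
REPORT_HASHES = {
    "md5": "f49e304a05be6fb206a6ead8130ae8b6",
    "sha1": "d9bed284d019da309ef9eb21f7dc537b12270c0a",
    "sha256": "22224274b8cae5885476e60705675edb03845d3728ab207fb0ab20dda464e66d",
    "sha512": "66b776a7cc9b3fa08388e4f6b8505451eae1ac197804a68f09d1637d5c029e61"
              "d144cff0fbe834203851fcb83011e20fbe2e66c1613de424cc70ed5d1589d3bf",
}

# Assumed target-name convention: YYYY-MM-DD_<md5>_<family tags>.
TARGET_NAME_RE = re.compile(r"^\d{4}-\d{2}-\d{2}_([0-9a-fA-F]{32})_")


def digest_stream(stream, chunk_size=1 << 20):
    """Compute all four digests of a binary file-like object in one pass.

    Reads chunk_size bytes at a time so a multi-megabyte sample is never
    held in memory as a whole.
    """
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, chunk_size=1 << 20):
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return digest_stream(io.BytesIO(data), chunk_size)


def digest_file(path, chunk_size=1 << 20):
    with open(path, "rb") as f:
        return digest_stream(f, chunk_size)


def compare(observed, expected):
    """Return {algo: matched?} for every algorithm the report lists.

    An algorithm missing from `observed` counts as a mismatch rather than
    being silently skipped, so a partial verification cannot look complete.
    """
    return {algo: observed.get(algo, "").lower() == value.lower()
            for algo, value in expected.items()}


def md5_from_target_name(name):
    """Extract the MD5 embedded in a sandbox target name, or None."""
    m = TARGET_NAME_RE.match(name)
    return m.group(1).lower() if m else None


def verify_sample(path, expected=REPORT_HASHES, target_name=None):
    """Hash the file once, compare with the report, and optionally check
    that the MD5 in the target name agrees with the report's MD5."""
    result = compare(digest_file(path), expected)
    if target_name is not None:
        result["name_md5_consistent"] = md5_from_target_name(target_name) == expected["md5"].lower()
    return result


if __name__ == "__main__":
    import sys
    # usage: python verify_sample.py <file> [<target name>]
    name = sys.argv[2] if len(sys.argv) > 2 else None
    for k, ok in verify_sample(sys.argv[1], target_name=name).items():
        print(f"{k:22s} {'OK' if ok else 'MISMATCH'}")
```

A single mismatch means the file is not the analysed sample (a re-packed or truncated copy, for instance), and any conclusions drawn from this report do not transfer to it.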

Targets

    • Detected Ploutus loader

    • Ploutus

      Ploutus is ATM malware written in C#.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables manipulated with Fody (a .NET IL weaver)

    • Nirsoft (artifacts of NirSoft utilities, which stealers commonly bundle for credential recovery)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved credentials, cookies and session tokens.
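The last three behavioural signatures above are the ones an analyst would want to reproduce from a process/file event log rather than take from the sandbox on trust. The following added example (not part of this report and not the sandbox's detection code) replays a constructed, Sysmon-style event stream and raises the same three signatures: a file is "dropped" only if a process in the trace wrote it before it is executed or loaded, and browser profile reads are matched against a path pattern for Chrome, Edge, Brave and Firefox credential stores. The event schema, paths and PIDs are invented for illustration.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style events standing in for a sandbox behavioural log
# (not events from the page). Order matters: it is the order of occurrence.
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "pid": 1000, "ppid": 1, "image": r"C:\Users\victim\sample.exe"},
    {"event": "FileCreate", "pid": 1000, "target": r"C:\Users\victim\AppData\Local\Temp\payload.exe"},
    {"event": "FileCreate", "pid": 1000, "target": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"event": "ProcessCreate", "pid": 1001, "ppid": 1000, "image": r"C:\Users\victim\AppData\Local\Temp\payload.exe"},
    {"event": "ImageLoad", "pid": 1001, "image": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"event": "ProcessCreate", "pid": 1002, "ppid": 1001, "image": r"C:\Windows\System32\conhost.exe"},
    {"event": "ImageLoad", "pid": 1001, "image": r"C:\Windows\System32\kernel32.dll"},
    {"event": "FileRead", "pid": 1001, "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"event": "FileRead", "pid": 1001, "target": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"},
    {"event": "FileRead", "pid": 1001, "target": r"C:\Users\victim\Documents\notes.txt"},
]

# Browser credential/profile stores that infostealers read. The vendor
# directory and the file name are both required so that ordinary reads
# elsewhere in the profile tree do not fire.
BROWSER_STORE_RE = re.compile(
    r"\\(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser|mozilla\\firefox)\\"
    r".*\\(login data|web data|cookies|history|logins\.json|key4\.db|cert9\.db|places\.sqlite)$",
    re.IGNORECASE,
)

SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_BROWSER_READ = "Reads user/profile data of web browsers"


def norm(path):
    """Normalise a Windows path for comparison: one separator, lower case."""
    return path.replace("/", "\\").lower()


def triage(events):
    """Replay events in order and return {signature: [(pid, path), ...]}.

    A path counts as dropped only after a FileCreate for it has been seen,
    so executing a pre-existing binary or loading a system DLL is ignored.
    """
    dropped = set()
    hits = defaultdict(list)
    for ev in events:
        kind = ev["event"]
        if kind == "FileCreate":
            dropped.add(norm(ev["target"]))
        elif kind == "ProcessCreate":
            if norm(ev["image"]) in dropped:
                hits[SIG_EXEC_DROPPED].append((ev["pid"], ev["image"]))
        elif kind == "ImageLoad":
            if norm(ev["image"]) in dropped:
                hits[SIG_LOAD_DROPPED].append((ev["pid"], ev["image"]))
        elif kind == "FileRead":
            if BROWSER_STORE_RE.search(norm(ev["target"])):
                hits[SIG_BROWSER_READ].append((ev["pid"], ev["target"]))
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS).items():
        print(sig)
        for pid, path in evidence:
            print(f"    pid {pid}: {path}")
```

The "dropped" bookkeeping is what separates these signatures from noise: the same process reading `kernel32.dll` or spawning `conhost.exe` produces nothing, while a binary it wrote to `%TEMP%` moments earlier is reported the instant it runs. Extending the browser pattern is a matter of adding vendor directories and store file names to the regular expression.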
