ploutus | 51a759bcc937a6fe611d3f51bfcdd0aab88966099435768e933dac15a98a92ec | Triage

Submit
Reports

Overview

overview

Static

static

3

Windows.10....4.exe

windows10-2004-x64

Sharing

General

Target

Windows.10.Manager-3.9.4.exe
Size

18.4MB
Sample

240424-k1vzsagc5y
MD5

fe3e550b3c92e6ea44ffd37f9396ffa9
SHA1

124aa3b61468c7dc749a8455845f29bddf107751
SHA256

51a759bcc937a6fe611d3f51bfcdd0aab88966099435768e933dac15a98a92ec
SHA512

19245fb78dbc949ef2ef17564a365decc50214bfc97b5e9835848fc1d7e0268adedafd317ad39dd852ddbe1ea341d13bdd8534f43d8d95c2f6db01333eab0e19
SSDEEP

393216:yEjGitsb/tM8Us+MNsg9XPlrzy7YRZkb0eIJR1BWPM:yE6VrthUsxNs/kkb0e01j

Score

10^/10

ploutus atm backdoor persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Windows.10.Manager-3.9.4.exe

Resource

win10v2004-20240412-en

ploutus atm backdoor persistence upx

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Windows.10.Manager-3.9.4.exe
- Size
  
  18.4MB
- MD5
  
  fe3e550b3c92e6ea44ffd37f9396ffa9
- SHA1
  
  124aa3b61468c7dc749a8455845f29bddf107751
- SHA256
  
  51a759bcc937a6fe611d3f51bfcdd0aab88966099435768e933dac15a98a92ec
- SHA512
  
  19245fb78dbc949ef2ef17564a365decc50214bfc97b5e9835848fc1d7e0268adedafd317ad39dd852ddbe1ea341d13bdd8534f43d8d95c2f6db01333eab0e19
- SSDEEP
  
  393216:yEjGitsb/tM8Us+MNsg9XPlrzy7YRZkb0eIJR1BWPM:yE6VrthUsxNs/kkb0e01j
Score

10^/10

ploutus atm backdoor persistence upx
- Detected Ploutus loader
- Ploutus
  Ploutus is an ATM malware written in C#.
  backdoor atm ploutus
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ploutusatmbackdoorpersistenceupx

© 2018-2024

Terms | Privacy