ploutus | 51a759bcc937a6fe611d3f51bfcdd0aab88966099435768e933dac15a98a92ec | Triage

Submit
Reports

Overview

overview

Static

static

3

Windows.10....4.exe

windows10-2004-x64

Sharing

General

Target

Windows.10.Manager-3.9.4.exe
Size

18.4MB
Sample

240424-k1vzsagc5y
MD5

fe3e550b3c92e6ea44ffd37f9396ffa9
SHA1

124aa3b61468c7dc749a8455845f29bddf107751
SHA256

51a759bcc937a6fe611d3f51bfcdd0aab88966099435768e933dac15a98a92ec
SHA512

19245fb78dbc949ef2ef17564a365decc50214bfc97b5e9835848fc1d7e0268adedafd317ad39dd852ddbe1ea341d13bdd8534f43d8d95c2f6db01333eab0e19
SSDEEP

393216:yEjGitsb/tM8Us+MNsg9XPlrzy7YRZkb0eIJR1BWPM:yE6VrthUsxNs/kkb0e01j

Score

10^/10

ploutus atm backdoor persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Windows.10.Manager-3.9.4.exe

Resource

win10v2004-20240412-en

ploutus atm backdoor persistence upx

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Windows.10.Manager-3.9.4.exe
- Size
  
  18.4MB
- MD5
  
  fe3e550b3c92e6ea44ffd37f9396ffa9
- SHA1
  
  124aa3b61468c7dc749a8455845f29bddf107751
- SHA256
  
  51a759bcc937a6fe611d3f51bfcdd0aab88966099435768e933dac15a98a92ec
- SHA512
  
  19245fb78dbc949ef2ef17564a365decc50214bfc97b5e9835848fc1d7e0268adedafd317ad39dd852ddbe1ea341d13bdd8534f43d8d95c2f6db01333eab0e19
- SSDEEP
  
  393216:yEjGitsb/tM8Us+MNsg9XPlrzy7YRZkb0eIJR1BWPM:yE6VrthUsxNs/kkb0e01j
Score

10^/10

ploutus atm backdoor persistence upx
- Detected Ploutus loader
- Ploutus
  Ploutus is an ATM malware written in C#.
  backdoor atm ploutus
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ploutusatmbackdoorpersistenceupx

© 2018-2024

Terms | Privacy