ploutus | ba090f00dec7afbd561670d2a345193fe2d8c10688aa3b5c73972918d1a55a4a

Sharing

Copy URL

Twitter E-mail

General

Target

10de35a72f05fd40a075993d0c1378b0_JaffaCakes118
Size

2.2MB
Sample

240626-f4bm4azgjm
MD5

10de35a72f05fd40a075993d0c1378b0
SHA1

15cc57ebdd406a42f489e23440792c0cec0d3ef0
SHA256

ba090f00dec7afbd561670d2a345193fe2d8c10688aa3b5c73972918d1a55a4a
SHA512

ca5f5fa96a2c57e51b441ca70302d195dbb7af25cf068289f27ba5583e113db4d8c76f2343e8f4f4de89588e9d71fae1b34188cee120eb9c1c5d3f6ac8dc41d6
SSDEEP

49152:csT/ZVknzPhWewNK497iok1BN4VTF07mbJbvvNZT:csTBVm5iQ4Nrk1BN8F0iZFZT

Score

10^/10

Malware Config

Targets

- Target
  
  155绿色软件站.url
- Size
  
  219B
- MD5
  
  3a1f2a8a3ef08ae269517a69ea918b2c
- SHA1
  
  7d2e6719702bc8472e045e010efa6ed3f7df4b5b
- SHA256
  
  66eafefa8bb0155e60828476bde6068573fe64a4fd0aa052eba074dbe85d46cd
- SHA512
  
  22203a78192cadc02d0f887247675925273a69e3be82ec1a331197f892216a282cc8f37c3ffbfb578a708244181037277b8cc6a40d8ec70cdf0feac5d80f8576
Score

1^/10
behavioral1 behavioral2
- Target
  
  ConnectifyInstaller.exe
- Size
  
  2.3MB
- MD5
  
  bba89f330b31044a6c6569ee0614b615
- SHA1
  
  1e1831ac192e85ffd87f9ca0861df9b170f2d519
- SHA256
  
  4eb55b8382e711f6434967847653b7832de6bd5b4fe0fd18fb9add1c2c55c430
- SHA512
  
  a57978cafdd4616ddb96ac3dc05aeba3b5888545cf15f4884452a8aaf7002e856f91dbf9d62be2b2d1115e8ffe3647469342fbfc3baa10b81c0d92925e39a7da
- SSDEEP
  
  49152:cxBxnUgRYxw1DaR0L+AZe+bWR5wWu2Uqg8PEZAvp420u:YBxnUgRlDaXQWu27Lkru
Score

7^/10
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/OCSetupHlp.dll
- Size
  
  750KB
- MD5
  
  5686166442c2cfe6aba9baba48e4cc71
- SHA1
  
  cc6980469c59bfa6eca02d9765adc5fd0aa5edee
- SHA256
  
  2707d2ced65aca83c2970e55daab2e9fa7a1d9bde31d2afd3931681589d50e5d
- SHA512
  
  a5334cb0941373473e288120887e9ab89be1884c3ef23a62535ea578a8f6d33502183663092c9a92a76129196d1ec53e4d786fd425a3866c8465a108a190ee4b
- SSDEEP
  
  12288:gFXFW8B4c+zFzNBLMALXuepJHYGcveHJUfj5PCTm1CVYA1VyO/:g9FTWzFzNBLMALXH2eHJUfFqTm1CVci
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/SimpleSC.dll
- Size
  
  59KB
- MD5
  
  52aaf305fba84b5107c453424df1864e
- SHA1
  
  9887f4bd7458e1a7724b90256c073492843841a7
- SHA256
  
  f41f1173b9d367bb6a085ff0b19d1273fc0b7dad32fedbb69b07240cfc9950c8
- SHA512
  
  9a05e7a2f62956bc46d2257496256606f40e7e78ca6199a80f5945f609e4c049a92c03d7b44d301a854a0bce32ff100ff6aa2b66d4fed649c2d90de95875dced
- SSDEEP
  
  1536:E/qXv1si+Xsp9MNfPTM+Ov01p4f4fx+QxA:rv1EXZBPkvX4x+Qx
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  13KB
- MD5
  
  7f56c0d6a8733dec142814ed5a58b0ee
- SHA1
  
  c119e66f179cfb758966f3cf878466057bea1840
- SHA256
  
  86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f
- SHA512
  
  8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3
- SSDEEP
  
  384:d/lNMKbnRWKYyCvDvQH3yBf/qPNGkVWYyLrcMf9VQ8c:d/lq+RDYJf/qPNGkQ5LrcCQ
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10
behavioral15 behavioral16
- Target
  
  $TEMP/ConnectifyShutdown.exe
- Size
  
  108KB
- MD5
  
  236edcf2884c6f656104a1901eb5002f
- SHA1
  
  8288567211605e7c614510b4bad729f52873876d
- SHA256
  
  47f1a44b9a84e96cce450dee3b400bfd1476fcd4a047dd61942ba337e09065d7
- SHA512
  
  0a824f3d00a9fcc71053813a7369de887f92556e171cfade3b31ad12b842bc749c79aede72d324517ed7e2bdd0e9be0f9e12f6625c92d1cf802fbdd7ee1ba87a
- SSDEEP
  
  1536:Kij7UXnlUdS7BFQkxuuqqqqqqqqqqqqqqo8F7PvL8nxEZXM0MaVPcOiY:1jIXesPQkxlqqqqqqqqqqqqqqKVaVP9
Score

3^/10

persistence privilege_escalation
behavioral17 behavioral18
- Target
  
  $TEMP/wifi.dll
- Size
  
  42KB
- MD5
  
  a25a29ea47be9246e5d6d13ca3f2d032
- SHA1
  
  33c6ee8b670bdb10f369540faf57715b4a5078bb
- SHA256
  
  d468f39a8633450a415c468123ff7b1debd8c948899c49d8eb9fd1d81b778805
- SHA512
  
  f1fcde0e4059abf063662bc676a5f014041984954775b113813d8fad14f1ed16526d380f7be31392c4a98a8c45154c57a9946f661d0d2ae17dc45875194aa3a1
- SSDEEP
  
  768:3p5kWv5gRwZwU+TXNtfklxC5GUz7vT6IwWhZYVRxigyOO+:Z6TNtfWQ5G6NwWhZYVRxV
Score

1^/10
behavioral19 behavioral20
- Target
  
  BuildProps.dll
- Size
  
  14KB
- MD5
  
  a8fcc3d0fadc011a22300b4f457f1df1
- SHA1
  
  9c36f52b846ab552cb8ce81f0bbd2d3f9046c828
- SHA256
  
  d3d1921f7665f857f8dfa05affc3d7c8ce687171f9eeffbbf5b15e5915717b41
- SHA512
  
  97acc585189672b5621dcfcd15a4c2138c2354f997e206e64052b931cdb152716f121aacf4a5aa554ffbea010887b236e67832a7237187f26ec4a9b710947ee9
- SSDEEP
  
  192:XteCwPRBXjfdcZxQNAVyowJL/eRoeuJafjMNfzg54X8jSJUbueqYZHp:IZfyZxQGVYJLea8oNE54XdUb+ep
Score

1^/10
behavioral21 behavioral22
- Target
  
  ConnUPnP.dll
- Size
  
  31KB
- MD5
  
  2b7bfdda4cf5e5cc4f5ce416b970ab22
- SHA1
  
  b3c4f26d0242d8a3db4f542adab5ccfcca587842
- SHA256
  
  f71b91f79cc2fb048624c98b9fe15c3f01353d1017d1934b60210ac39d079b13
- SHA512
  
  7c3a5cdd37ba5b028aef9970d9695786b22e607da58d6dee3613d026e26bd103e275fd42e4fbb95b9f91a7fa18fd1a729ee92018510cd4560313c8b2db4f8f88
- SSDEEP
  
  768:KSoZFmqVpEng40b3BdhiXy8XqYduyqvfv0ULCiR:KSoZo4pEng40b3xiXy8XqYs/fMUOiR
Score

1^/10
behavioral23 behavioral24
- Target
  
  Connectify.exe
- Size
  
  1.5MB
- MD5
  
  fbbb0bb982e825891744e4c89e8266a9
- SHA1
  
  29e83aed8e98f5c3997cef00943c80ce00aa646d
- SHA256
  
  d07b54449ccca041621362f1ea26db28c606cd6414cabf7260effbffed15ba87
- SHA512
  
  21f9c1e67d086387f0398dc4d4df3361bd69b552fa311e2f9a15a61c607496497d8ab93cc516c26bf1a659cc6ec6aa5c15d788d0553712513e71532eadd8ef33
- SSDEEP
  
  12288:DNlp/dQpKaUfKaUDpNwYxzlK0gsgoG3ugykGfsggZKaUe:DNz/CpjEjWpuY59gsgtgk6wjr
Score

6^/10
- Drops desktop.ini file(s)
behavioral25 behavioral26
- Target
  
  ConnectifyNAT.dll
- Size
  
  290KB
- MD5
  
  b79524bfaf0da7f3bdbc1bc84dacd425
- SHA1
  
  82469e198f7709398c2679d37b1df3309a255e00
- SHA256
  
  6c3528078f3c3aa9aff4285b91f794468c0d1146495ea0d5e3a0a4a76f455da2
- SHA512
  
  d2374f3618f965b87ea5fbcaeeaf4a32913a0279dac7fed0eaf47a2dc7b0cedbc9ccc9a24ff3f32ddec60c9edf48cfb5cc7259d09f396d4d65f2ea60ef66ac0d
- SSDEEP
  
  6144:uQ5itXGWk5iypo+ZJH3V4LrlsOezuR2qS6yqiSaKKmayW2WWumWWuWWuWWWWWWW+:WkFJH3VSdQuR2qS6yqiSaKKmayW2WWuO
Score

1^/10
behavioral27 behavioral28
- Target
  
  ConnectifyNetServices.exe
- Size
  
  343KB
- MD5
  
  c8280d0fb19d9d8f0d45367dce7991f7
- SHA1
  
  0b6d10b1120f234ca5e12a5256f4f9484aac2953
- SHA256
  
  e9e44182146a8f0d1fdde888861ab0f34dd19af6db612e16efbf5f6cdcff21bd
- SHA512
  
  ea20f1cd1e18ea6e63caf4c7d3610449704af81740a5fb4508c96f30993717b346a50a29ef9a5b1be1e8743a39ef40d9edd375bcc8a6f22fa16e193a021df71b
- SSDEEP
  
  6144:6jKLUDRKPEkFY8zr02HP+GRzQ+AGmZdgOKRghlz/:TPU2HDJpXmZmghlD
Score

1^/10
behavioral29 behavioral30
- Target
  
  Connectifyd.exe
- Size
  
  872KB
- MD5
  
  66aed09819ac3be90305498a3759f42a
- SHA1
  
  b39e24ea7c2bacfa95f66a4401679667a5665bae
- SHA256
  
  9f6f03e14ce31cd68acea296c99dd8f458f2ff1e171e0c1d1231678255e75e3d
- SHA512
  
  63ec22ca9e4ac83cdbd9d358b75dbea0ce5417b914dd4c478bdce138fb06935a63bd5edd4e814c721f8f376156a372984ec5cb904cdf93c99cba94c3d6c0922e
- SSDEEP
  
  24576:28rPfjTI8Q8AjoGi48PR5mJ6Z2pIjBOi0kJZIbTgc:28rPfjTI8Q8AjoGi48PR5mJ6Z2pIjBOV
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32