ploutus | 0982cad1794aba43938a7db57eaa47fdf491baf804a2709ae8713eee4cffdb1c

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0982cad1794aba43938a7db57eaa47fdf491baf804a2709ae8713eee4cffdb1c.exe
Size

6.3MB
MD5

784114f9b669956a77a1fca0c7991dcf
SHA1

ff7fce437c74d352d910b02911f62d53783249b4
SHA256

0982cad1794aba43938a7db57eaa47fdf491baf804a2709ae8713eee4cffdb1c
SHA512

1cb4afe1e5f9f56ced0a8ecbb18c50a6842449ea8751c73a7baf3e5d2d84b0f9c8f4505ebd255762f1d26e6b521102d758c2419f702ec9a7d6329d0b053cfafa
SSDEEP

196608:XMfLdxcMZ+L8o9cc5a9MwGf4Cmlbjf3L12g2Do+:opxl+nec5aqw04CCbjfxZH+

Score

10^/10

ploutus atm backdoor

Malware Config

Signatures

Detected Ploutus loader 34 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3668-6-0x0000000007BF0000-0x0000000008754000-memory.dmp	family_ploutus
behavioral2/memory/3668-7-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-8-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-10-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-14-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-16-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-20-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-22-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-18-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-12-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-24-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-28-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-32-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-30-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-34-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-36-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-39-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-42-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-44-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-46-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-48-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-50-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-52-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-40-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-26-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-54-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-56-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-60-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-63-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-68-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-66-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-64-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-58-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus
behavioral2/memory/3668-70-0x0000000007BF0000-0x000000000874F000-memory.dmp	family_ploutus

Ploutus
Ploutus is an ATM malware written in C#.
backdoor atm ploutus

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

0982cad1794aba43938a7db57eaa47fdf491baf804a2709ae8713eee4cffdb1c.exe

description	pid	Process
Token: SeDebugPrivilege	3668	0982cad1794aba43938a7db57eaa47fdf491baf804a2709ae8713eee4cffdb1c.exe

C:\Users\Admin\AppData\Local\Temp\0982cad1794aba43938a7db57eaa47fdf491baf804a2709ae8713eee4cffdb1c.exe
"C:\Users\Admin\AppData\Local\Temp\0982cad1794aba43938a7db57eaa47fdf491baf804a2709ae8713eee4cffdb1c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3668-0-0x000000007440E000-0x000000007440F000-memory.dmp

Filesize
4KB

Download
memory/3668-1-0x0000000074400000-0x0000000074BB0000-memory.dmp

Filesize
7.7MB

Download
memory/3668-2-0x0000000007080000-0x0000000007BE6000-memory.dmp

Filesize
11.4MB

Download
memory/3668-3-0x0000000074400000-0x0000000074BB0000-memory.dmp

Filesize
7.7MB

Download
memory/3668-4-0x0000000006510000-0x0000000006AB4000-memory.dmp

Filesize
5.6MB

Download
memory/3668-5-0x0000000074400000-0x0000000074BB0000-memory.dmp

Filesize
7.7MB

Download
memory/3668-6-0x0000000007BF0000-0x0000000008754000-memory.dmp

Filesize
11.4MB

Download
memory/3668-7-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-8-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-10-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-14-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-16-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-20-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-22-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-18-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-12-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-24-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-28-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-32-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-30-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-34-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-36-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-39-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-42-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-44-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-46-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-48-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-50-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-52-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-40-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-26-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-54-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-56-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-60-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-63-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-68-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-66-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-64-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-58-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download
memory/3668-70-0x0000000007BF0000-0x000000000874F000-memory.dmp

Filesize
11.4MB

Download