ploutus | 74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829 | Triage

Submit
Reports

Overview

overview

Static

static

x360ce.exe

windows10-1703-x64

6

x360ce.exe

windows10-2004-x64

4

Sharing

General

Target

x360ce.exe
Size

14.7MB
Sample

240629-phvnhszgnk
MD5

be80f3348b240bcee1aa96d33fe0e768
SHA1

40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed
SHA256

74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829
SHA512

dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a
SSDEEP

196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

Score

10^/10

ploutus bootkit discovery persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

x360ce.exe

Resource

win10-20240404-en

bootkit discovery persistence

windows10-1703-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

x360ce.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  x360ce.exe
- Size
  
  14.7MB
- MD5
  
  be80f3348b240bcee1aa96d33fe0e768
- SHA1
  
  40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed
- SHA256
  
  74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829
- SHA512
  
  dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a
- SSDEEP
  
  196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR
Score

6^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

© 2018-2024

Terms | Privacy