General
-
Target
pluto.zip
-
Size
116.7MB
-
Sample
240630-kqmknavhjd
-
MD5
90f85beab5ebc92875a5b9c980ac768b
-
SHA1
18e70bcb89f7aeb2904db9fdd0a89da2d7a0b4e5
-
SHA256
b8a1e46ef14be22cfa81ffe3ed1ed5bbcb7b976d0ddaae57e842123699ac7bfe
-
SHA512
627cdb7900c9042af0cecd1a264f83edd4bce8391a91b176f6d9b06caeadf190659709b6cd6c1adae2aefd1d6477b55305e44a17174fcea6c0b7313d25fb8fa2
-
SSDEEP
3145728:S8nKuwMx7p8KfmpChPEDh3PkxcfQoILHH8Ot+LuU5xFilmn47NG9:YlMVp/fmphV0czIb6LuU5+0
Behavioral tasks
Task | Sample | Resource
behavioral1 | pluto/files/AnDDoS.exe | win7-20240221-en
behavioral2 | pluto/files/AnDDoS.exe | win10v2004-20240611-en
behavioral3 | pluto/files/Dox_Tool_V2.exe | win7-20240419-en
behavioral4 | pluto/files/Dox_Tool_V2.exe | win10v2004-20240611-en
behavioral5 | pluto/files/IPTOOLKIT.bat | win7-20240221-en
behavioral6 | pluto/files/IPTOOLKIT.bat | win10v2004-20240611-en
behavioral7 | pluto/files/Pinger.bat | win7-20240611-en
behavioral8 | pluto/files/Pinger.bat | win10v2004-20240508-en
behavioral9 | pluto/files/PortScanner.exe | win7-20240221-en
behavioral10 | pluto/files/PortScanner.exe | win10v2004-20240508-en
behavioral11 | pluto/files/SMB-Bruteforce-main.bat | win7-20240508-en
behavioral12 | pluto/files/SMB-Bruteforce-main.bat | win10v2004-20240508-en
behavioral13 | pluto/files/Wifi-Multitool.exe | win7-20240611-en
behavioral14 | pluto/files/Wifi-Multitool.exe | win10v2004-20240226-en
behavioral15 | pluto/files/arpspoof.exe | win7-20240611-en
behavioral16 | pluto/files/arpspoof.exe | win10v2004-20240611-en
behavioral17 | pluto/files/doxing-framework.exe | win7-20240508-en
behavioral18 | pluto/files/doxing-framework.exe | win10v2004-20240611-en
behavioral19 | pluto/files/emailbomber3.exe | win7-20240508-en
behavioral20 | pluto/files/emailbomber3.exe | win10v2004-20240611-en
behavioral21 | pluto/files/info.bat | win7-20240221-en
behavioral22 | pluto/files/info.bat | win10v2004-20240611-en
behavioral23 | pluto/files/iplookup.exe | win7-20240419-en
behavioral24 | pluto/files/iplookup.exe | win10v2004-20240611-en
behavioral25 | pluto/files/pScan.exe | win7-20240508-en
behavioral26 | pluto/files/pScan.exe | win10v2004-20240508-en
behavioral27 | pluto/files/psexec.bat | win7-20240611-en
behavioral28 | pluto/files/psexec.bat | win10v2004-20240508-en
behavioral29 | pluto/files/putty.exe | win7-20240508-en
behavioral30 | pluto/files/putty.exe | win10v2004-20240226-en
behavioral31 | pluto/files/rpcdump.exe | win7-20240611-en
behavioral32 | pluto/files/rpcdump.exe | win10v2004-20240611-en
Malware Config
Targets
-
-
Target
pluto/files/AnDDoS.exe
-
Size
522KB
-
MD5
d027869ca68b6df09e2fe721a1acb994
-
SHA1
d50ea5e2ab1b5b9362f010248328b19a5a395dfe
-
SHA256
0cad6aa35e8bc5c0148fd17b3ebb3477175520cd6bf32fcde9ab19ca03425a29
-
SHA512
8890d7ac227a7a8368a71a84797916521886d58de69c78ecccea82ec357f33930b28ac215905ee926b2d9f93808ff72d37cd600511eab1c4e16b9140891601a5
-
SSDEEP
12288:cCga6BJor4hQMdhwS9XVCga6BJor4hQMdhwS9Xm:cCga6BJe4q6JlCga6BJe4q6J2
Score: 1/10
-
-
Target
pluto/files/Dox_Tool_V2.exe
-
Size
180KB
-
MD5
b0424efaadfbf9991e55b397076c8181
-
SHA1
bcf68986d9f98bf5d76a7eba580eb09be05e6243
-
SHA256
dfdb90a7d5e41b030bb8bae6f325688ff3d3b3b2da8c554c34e66dad86cebe90
-
SHA512
54e4cb638c71dd987951619ffb2e1d4f98fab7d75af4c1d39fed30162aece639961863b3caf1ade34f840a02233cf9431d9eb30e76d5a470383392c2fad0bfcd
-
SSDEEP
3072:xUGBNLnlvzfNaITtRynmO/KT9C0tuXo+5yHOKlb1tKBMyoH9EJd:xUGeITtRkmO/KT9C0IXo+5yHDlXKqyoC
Score: 1/10
-
-
Target
pluto/files/IPTOOLKIT.bat
-
Size
4KB
-
MD5
de4abb02e5c7765e581ec1cdd04a3fbf
-
SHA1
06f4c26d625446e1f84341b2b3a33c2e6efd54c6
-
SHA256
c19950c0c0466185fd4448011d0c7c8ef38b61087a15b9e9397ecf8e78735cf7
-
SHA512
b690e4e9004d91f2bb9cbb7dc712e1715d01323098f7f774d6162007d55376a2568c49a603e45bfb20706b7ead1f37f7cfa92250af83a69b2ee6ff5e3db3fc93
-
SSDEEP
96:RrExshDl8df//RcjGgydEDUjZzDffL5oEr6nriXoUi:RreshDetJcjTqEDUjZzbfL5KriYUi
Score: 1/10
-
-
Target
pluto/files/Pinger.bat
-
Size
2KB
-
MD5
58cdacfd63ce6177e381271be1a537f8
-
SHA1
17e09c2e9918a2bbde3665d87c0818f36ae40f1e
-
SHA256
7db1a2864f00ebc65c649f3d6a0459deb61984869343580ad6e6a7d7f67c7214
-
SHA512
107ddb78ecb0255d916b2d2df3af9c4817ce5edd0e8979142f4deb11d7f1a1f7b652518a1fd77578d9dbf4895c094d8e16708239a457fef0846c776026710848
Score: 1/10
-
-
Target
pluto/files/PortScanner.exe
-
Size
11KB
-
MD5
81180ff65f6daab97c14475a96e34f53
-
SHA1
d1093c90b98216cc158967f74dbb06d3ef55217b
-
SHA256
6dec5c3514d52b30102491ceaae2027fca71e8441874d617a260d91aab96086e
-
SHA512
477c250607315763993bf5839551b9d6b1981d203587b75c6474281a4cdbf0051404fa07da94cb0f17cf32609a009cb92eb587da449eb0a90b381fb983b2e59e
-
SSDEEP
192:EJlqbi/kLqNBBuqqmWGBjpfJdrzDtxXyLiEVAALqkpltrjSS//:eqbi/kOsnmWQjTtDxgpLK
Score: 1/10
-
-
Target
pluto/files/SMB-Bruteforce-main.bat
-
Size
535B
-
MD5
870fca0c987ff998ab037da799629316
-
SHA1
c4959649e6f2a72715053a732f861fb476353083
-
SHA256
293e189b28e3ffbcbea5b345a02393eec0b0e378a93fabf3484102a1b70e4244
-
SHA512
71d275121b2da74d96b4dde48f06a0f9c7d1e89ed142d03ea8b951507fc122aa7369b6514d7251122f008d3bf0c2bf84817bbf45f5ecee728a977df5775319f7
Score: 1/10
-
-
Target
pluto/files/Wifi-Multitool.exe
-
Size
5.7MB
-
MD5
6f1d91ef2641a2d852f51516e75ba4f0
-
SHA1
7bec1d2a377de433c0a921365e29bc2b4bfa1b7b
-
SHA256
047e39242d5f2be33fc5b6985d9dd8349049112c97a69281310fc9b5861de398
-
SHA512
986d5076d12d7286ad80a06974f3ec4b90becf6da8940e87a7556ce3380d65c079182c5e4c02dd141469cedfdcd4682e44905ea9584c508d2f557768a2c1309b
-
SSDEEP
98304:er68wcqmbxaQBNBU5ytgMwzu+Zkh/tLiclDXc3/Zpjx0bU0p6bEWq4:em0xbAQveItwq+ZkiKDIjx0vUDq
Score: 7/10
Loads dropped DLL
-
-
-
Target
pluto/files/arpspoof.exe
-
Size
126KB
-
MD5
840daf997e25592cf455ffb36da5d59b
-
SHA1
07d06bd1d59b6c798e940a053533189b0b559a4b
-
SHA256
cf1dd2a16c73b7796df81d47f585fe7d870ae1aca5f87523d31b48f10e4599d8
-
SHA512
9cf525d9315d526ef1559d199faa0dc2c96c2ca12b5f9c90a2b99e572f34ee87268a8c7ef606165a2c08adc6e47761697bfcaffba9a4828ea37ce3b28cb85e8f
-
SSDEEP
3072:mgOyMo5sJ3cZ2XgLrLqfRMnKchEO2yfF7qXf:mgpZ22vqfXy92Xf
Score: 1/10
-
-
Target
pluto/files/doxing-framework.exe
-
Size
102.5MB
-
MD5
ebf9656f50508669b9482b35eaf357f1
-
SHA1
7c88d7df529724c89256d5b5b54d82b4abaa67c6
-
SHA256
eee6e9869bd6410f1cf2fc089771406e3c3df0e4afd62b172ace7a2ca3b0beca
-
SHA512
5ddaaf320def2e64b1dd5f96672c043d892cafb7e2c8b2157ce280fed27857e72267dca9197f30ff311459440909bd978663dd0dabd57afa6f35cb59cf16c649
-
SSDEEP
3145728:VUCV7pa8S6xjKcBa6c2qHO5iVY2nGQbRe0zJcBWTDX9U:SSVBSWNa6sHCiH1XcBWn
Score: 9/10
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
pluto/files/emailbomber3.exe
-
Size
6.6MB
-
MD5
0ceb1ca34c14b2e71e22e022f24afbe5
-
SHA1
521e9d8a60c5959bb199a568b5ba4069f219308a
-
SHA256
bb09957553ef2a16165553594c45edc2ec90ddc194d97189071fc0f9635796c8
-
SHA512
4c1123b4a09688661c60aa05c75281811254ddd77f962f1820044e395a813740450eba3e44adac4fce31293040d7c3e4e898299046db1bbd016cb8596d58ff01
-
SSDEEP
196608:QZ5BASL2Vmd6+DBnNgwQ+dtLZ7kNHCq/hUpe69:aHL2Vmd6mNNjd7WHCNe6
Score: 7/10
Loads dropped DLL
-
-
-
Target
pluto/files/info.bat
-
Size
1008B
-
MD5
e85f0ba77dcf1c969645d2332c4acf91
-
SHA1
2950ca197922f4ba113234c64d70a219895386e6
-
SHA256
68196f1acf2cd2ee6015d79e6fc66a8ef2d878527fd7d9cef290c2a011b4c6ec
-
SHA512
01ac8bc0aa4e7c4565ef18ce80ce8887d5c22a9e3c3cd88dbbf9f3335d1b0793aa5ff5b86ec781663c4c5bf63a509ac7ac331ec3cf079d4bbcfc353ab4d1b619
Score: 1/10
-
-
Target
pluto/files/iplookup.exe
-
Size
2.1MB
-
MD5
cb4903c1c4f23b021905da634c002f04
-
SHA1
c2ccf3a1e5037c6e540b94a59e2c367ba8cd9090
-
SHA256
49945b5eb3f80e6bb9dba81c6c6f643245bb0831ce2f6e5abf4db12ab6709b76
-
SHA512
7f632331ba7f2fdd3c76f7f158a1cd6e79be796f2dc9f9149b7a071bb77b35fc4f0c6f189a8179eaf4947533513a3f926c879c50c8cf6cb13abdd424113f48fa
-
SSDEEP
49152:PFkR/VWoA1QfIBoq2Pkbu5Gk6hQW/3f2V1mPzidqz/CIaB2w:NkR/VMCGvj/vYkP9aB
Score: 7/10
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
-
-
Target
pluto/files/pScan.exe
-
Size
1.9MB
-
MD5
03b867083e6c7766c4829cfda776c01c
-
SHA1
52ce47d754f53e32afb7625b47a4cf4d21efc04c
-
SHA256
d023f36a47d4d81491c3ffc7192669199441d7388c159f59414b3b5f137c519a
-
SHA512
c906206f3a79d9921b8addc69e50b8c31b8b4191faa81b608dfce7295f1714a21a593145d2bb9e847a606ae093de26b641f49bcebe83fe2f88b9984d3799ae79
-
SSDEEP
24576:8v7kE2Ew+MCC5ac1+xJRAVoW0Qdz+Ec0xMkb8JsU3AoPqqItfGsDS:07kE2OMF5P+vPSgqqItfGsDS
Score: 1/10
-
-
Target
pluto/files/psexec.bat
-
Size
3KB
-
MD5
669c176c6ab42f63d8b7cdf40ff652d2
-
SHA1
ab9d8ab345d09e50de0d58afdf73efc77647701a
-
SHA256
ba56670c8f09a2523816b154482b26cb2bc5faf496042b0146d7c5a1c977afce
-
SHA512
2e9a0aeb19a85539f857831fe5a4b6b28621dba4a6b98acdc1e079540a1f7aa3e652ef74334ef36c19bb10bed9fc58a97febcd4eeeaf45e220262be169f57e98
Score: 1/10
-
-
Target
pluto/files/putty.exe
-
Size
862KB
-
MD5
239c6a38de34b2cc26afbc41adf3a11d
-
SHA1
ff5d4e320e599666a629e1d76638111221ca8ba1
-
SHA256
b73d6f26808b85c67cc0714d0bd1ead6c0dde47b21ddcf1f76962725d8e3311d
-
SHA512
bb25a7e88afc1bcb1226442d436f45d1ed88eac64008f1eafcdfd9c32b749507fbf019186262ce84c8d29274b961d835e87853698562bde79b00245cf3f4d04d
-
SSDEEP
24576:xy2Xx8ZbQ63aRtpjmi9CBBjP0rQw/6zSYj:xy2gbQ63Kj1CBSrQwZs
Score: 1/10
-
-
Target
pluto/files/rpcdump.exe
-
Size
32KB
-
MD5
786d384db580c2ae57c93ec4688a7d13
-
SHA1
49c449b682b2cccf7934563dd0b61a9ea3d03c1f
-
SHA256
5ff0f09fdf3266ed48fc36dd7098809766f26b49b54a031d5a8bc5e273de0618
-
SHA512
e6ed24d82b8187fd9f3830ca041cd7ad7cbbb40646a11a17dc178c9fccc88edf04b3c279cb8cb1d90b265e261feda16761131025850e8bdbdb71fe4989950d3b
-
SSDEEP
384:bCMIgtYmTPZSPPGfygJyrmlrvOBYnIPPMj/5vrHbN3KZhY37:7IgtxPZmGfXJh9IPPG5D7VKD
Score: 1/10
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Defense Evasion
  Hide Artifacts: 2
    Hidden Files and Directories: 2
  Modify Registry: 1
  Virtualization/Sandbox Evasion: 1