General

Target: SimHub.9.03.9.zip
Size: 185.0 MB
Sample: 240707-n79nas1glq
MD5: 2157b3e23c819ae5e2407f6fa6047342
SHA1: a81779bd0aa58b3be16fc9bcc0a20462bb4f117e
SHA256: 857553432565327af37d29eda84c78e2dcd1f25db5aeb195ea4b203613f12c10
SHA512: cc9251bc9dd62200173448bc593c0de3b8a613b4e0798786e39945c0ea70f3492b958625e970b6aa1b01f13ed47382d2e42b3e70e875de541c975021dc156723
SSDEEP: 3145728:yrvf5SlnaGnpOT3i7xvbagUwvQikmpVYoSIrAr0ybpC3jbULLTBByHwPxXlVz8yy:ybf5o9MT3EvGgUwvO6hkAmC3jb2BByH5
Static task
static1

Behavioral task
behavioral1
Sample: SimHubSetup_9.3.9.exe
Resource: win7-20240508-en

Behavioral task
behavioral2
Sample: SimHubSetup_9.3.9.exe
Resource: win10v2004-20240704-en
Malware Config
(no entries)

Targets

Target: SimHubSetup_9.3.9.exe
Size: 185.5 MB
MD5: 8a3b13b54de512db95ece51c5e703473
SHA1: 564a08d2b33859d1a5921f0864c64d594bda64dd
SHA256: 2887fd46873d646816714976f2edda4817b287fb9ef3676505e11e71cc1ac2da
SHA512: 84ede4b02e729f0469b4b58cfd7427742d6f79068829bca40098b07641d99ada3fc279a999b66035df448972da128bd7e2c35ce83ade8542d9c2ab654a82c1b5
SSDEEP: 3145728:FR1iRL+jjl/bFhgZJAr4TfzW4OPGoeIt52GwmvofGETxWVtDE9rXtKG+vJzXRZUz:FTiRSPXOZJtTrW4OP+qbweUWVtDwtKGF
Signatures

- Detected Ploutus loader (heuristic sandbox signature: treat the family name as a lead to verify against the dropped files, not as confirmed attribution)
- Event Triggered Execution: Image File Execution Options Injection
- Modifies Windows Firewall
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry. System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
(numbers are the match counts reported for each entry; technique IDs added for reference)

Persistence
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Event Triggered Execution (T1546): 3
    Component Object Model Hijacking (T1546.015): 1
    Image File Execution Options Injection (T1546.012): 1
    Netsh Helper DLL (T1546.007): 1
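The signatures and the ATT&CK mapping above are all registry-backed persistence or defence-evasion behaviours, so a practitioner reviewing this report would want to confirm them from the host's own telemetry rather than from the sandbox alone. The following is an added example, not part of the sandbox report or of the SimHub project: a small detector that runs the same rules over Sysmon Event ID 13 (RegistryEvent: value set) records. The event records, the SIDs, the CLSIDs and the file paths in it are constructed for the example; the only real identifiers are the registry path patterns and the ATT&CK technique IDs.

```python
"""Flag registry writes matching the persistence techniques listed in the report.

Added example (not from the sandbox report): rules over Sysmon Event ID 13
(RegistryEvent: value set) records for the registry-backed techniques the
report maps to ATT&CK, plus the firewall-policy change it lists as a signature.
All sample events below are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class RegEvent:
    """One Sysmon Event ID 13 record, reduced to the fields the rules need."""
    image: str    # Image: the process that performed the write
    target: str   # TargetObject: full registry path of the value written
    details: str  # Details: the data written


# (ATT&CK technique id, description, pattern applied to TargetObject).
# The registry is case-insensitive, so every pattern is compiled with re.I.
RULES: List[Tuple[str, str, "re.Pattern[str]"]] = [
    # A COM server path set in a *user* hive shadows the HKLM registration and is
    # the classic hijack; the same write under HKLM is ordinary installer behaviour.
    ("T1546.015", "COM Hijacking: user-hive CLSID server path",
     re.compile(r"^(HKU\\[^\\]+|HKCU)\\(Software\\Classes\\)?CLSID\\\{[0-9a-f-]{36}\}\\"
                r"(InprocServer32|LocalServer32)(\\\(Default\))?$", re.I)),
    ("T1546.012", "IFEO Injection: Debugger or SilentProcessExit monitor",
     re.compile(r"\\Image File Execution Options\\[^\\]+\\Debugger$|"
                r"\\SilentProcessExit\\[^\\]+\\MonitorProcess$", re.I)),
    ("T1546.007", "Netsh Helper DLL registration",
     re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\NetSh\\[^\\]+$", re.I)),
    ("T1543.003", "Windows Service: ImagePath set",
     re.compile(r"^HKLM\\System\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)),
    ("T1562.004", "Windows Firewall policy change",
     re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
]

# Constructed sample events; the image path, SID, CLSIDs and DLL paths are invented.
IMG = r"C:\Temp\sample_installer.exe"
SAMPLE_EVENTS: List[RegEvent] = [
    RegEvent(IMG, r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID"
                  r"\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
             r"C:\Users\user\AppData\Roaming\example\hijack.dll"),
    RegEvent(IMG, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
                  r"\Image File Execution Options\sethc.exe\Debugger",
             r"C:\Windows\System32\cmd.exe"),
    RegEvent(IMG, r"HKLM\SOFTWARE\Microsoft\NetSh\examplehelper",
             r"C:\Users\user\AppData\Roaming\example\helper.dll"),
    RegEvent(IMG, r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters"
                  r"\FirewallPolicy\FirewallRules\{22222222-3333-4444-5555-666666666666}",
             r"v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\Temp\sample_installer.exe|"),
    # Benign: an application writing its own settings.
    RegEvent(IMG, r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Example\LastRun",
             "20240707"),
    # Benign: machine-wide COM registration by an installer (HKLM, not a user hive).
    RegEvent(IMG, r"HKLM\Software\Classes\CLSID\{66666666-7777-8888-9999-000000000000}"
                  r"\InprocServer32\(Default)",
             r"C:\Program Files\Example\component.dll"),
]


def classify(event: RegEvent) -> List[str]:
    """Return the technique ids whose pattern matches the event's TargetObject."""
    return [tid for tid, _desc, pattern in RULES if pattern.search(event.target)]


def scan(events: List[RegEvent]) -> List[Tuple[str, RegEvent]]:
    """Pair every matching technique id with the event that triggered it."""
    return [(tid, ev) for ev in events for tid in classify(ev)]


def summarize(events: List[RegEvent]) -> Dict[str, int]:
    """Count hits per technique, in the style of the report's ATT&CK table."""
    counts: Dict[str, int] = {}
    for tid, _ev in scan(events):
        counts[tid] = counts.get(tid, 0) + 1
    return counts


if __name__ == "__main__":
    for tid, ev in scan(SAMPLE_EVENTS):
        desc = next(d for t, d, _p in RULES if t == tid)
        print(f"{tid}  {desc}\n    {ev.image}\n    {ev.target}\n    -> {ev.details}")
    print(summarize(SAMPLE_EVENTS))
```

The COM rule deliberately fires only for user hives (HKU\<SID>, HKU\<SID>_Classes, HKCU): per-user CLSID entries take precedence over HKLM, which is what makes the hijack work, while an installer registering components under HKLM is expected. Before acting on a hit, compare the written server path with the HKLM entry for the same CLSID and check whether the DLL is signed.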