General
-
Target
66f0d151d9994cc5811c746d48265e60N.exe
-
Size
3.2MB
-
Sample
240724-j9rs2swfrm
-
MD5
66f0d151d9994cc5811c746d48265e60
-
SHA1
455ad3c941653dbfd4b0727527d67344dcf96865
-
SHA256
8b097b6ebfe177d49434f4d632ce912792d52c149f431dd51c8e8631110abefa
-
SHA512
f54b4a99782fda97530d79fb48776d8b3641d530c31c0fd2ac327ba6fbaf899bb3d39cc3b57a1973b63596ea59b1ddec8999f03705b0fd2ccac3f5b627f23bfe
-
SSDEEP
49152:t5NbfJJb4/WGdvbKJJb4/WGBJJb4/WGwJJb4/WGA0wr+jTZtaZ3Otfj7UCLiJJes:1XbbG5mbbGVbbGobbGABr+dCe6GU
Malware Config
Targets
-
-
Target
66f0d151d9994cc5811c746d48265e60N.exe
-
Size
3.2MB
-
MD5
66f0d151d9994cc5811c746d48265e60
-
SHA1
455ad3c941653dbfd4b0727527d67344dcf96865
-
SHA256
8b097b6ebfe177d49434f4d632ce912792d52c149f431dd51c8e8631110abefa
-
SHA512
f54b4a99782fda97530d79fb48776d8b3641d530c31c0fd2ac327ba6fbaf899bb3d39cc3b57a1973b63596ea59b1ddec8999f03705b0fd2ccac3f5b627f23bfe
-
SSDEEP
49152:t5NbfJJb4/WGdvbKJJb4/WGBJJb4/WGwJJb4/WGA0wr+jTZtaZ3Otfj7UCLiJJes:1XbbG5mbbGVbbGobbGABr+dCe6GU
Score10/10-
Detected Ploutus loader
-
Modifies visiblity of hidden/system files in Explorer
-
Ploutus
Ploutus is an ATM malware written in C#.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1