Overview

overview

10

Static

static

1

dabJcg.html

windows7-x64

3

dabJcg.html

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dabJcg

  • Size

    492B

  • Sample

    240728-3ll3fa1enr

  • MD5

    f518ceafc916251539fa397ef42751c2

  • SHA1

    72ff99ce50a7582f9791c52aae33e032b1196bba

  • SHA256

    2424e7d02f79be94621e462336220b568f903323e9c5558521871787940693cf

  • SHA512

    3037465c4e22488081c2fb7cd73a3bd1dc4b7ea8bcb3e392460d4de177fc7fc643ee6ff0dd99d6e86e1f49fff7850bc7efc7d40f4ec1e5a11cc5abc99a9f0c92

Score
10/10
ploutusatmbackdoordiscovery

Malware Config

Targets

    • Target

      dabJcg

    • Size

      492B

    • MD5

      f518ceafc916251539fa397ef42751c2

    • SHA1

      72ff99ce50a7582f9791c52aae33e032b1196bba

    • SHA256

      2424e7d02f79be94621e462336220b568f903323e9c5558521871787940693cf

    • SHA512

      3037465c4e22488081c2fb7cd73a3bd1dc4b7ea8bcb3e392460d4de177fc7fc643ee6ff0dd99d6e86e1f49fff7850bc7efc7d40f4ec1e5a11cc5abc99a9f0c92

    Score
    10/10
    discoveryploutusatmbackdoor

    • Detected Ploutus loader

    • Ploutus

      Ploutus is an ATM malware written in C#.

      backdooratmploutus

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Query Registry

1
T1012

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks