ploutus | 338b3026d18a25a1acebd822892226b41586cc9dfaaa1311e41006676e33cbdb | Triage

Submit
Reports

Overview

overview

Static

static

7

Abdal FTP ....0.exe

windows7-x64

Abdal FTP ....0.exe

windows10-2004-x64

7

Sharing

General

Target

Abdal FTP BruteForce 1.0.exe
Size

142.0MB
Sample

240808-2ez52s1dqk
MD5

b10bbefa03b5fd41ca93e729d10fe865
SHA1

2e3916e4fd64097f5a56207401aace3dfb57492f
SHA256

338b3026d18a25a1acebd822892226b41586cc9dfaaa1311e41006676e33cbdb
SHA512

51c97bb0867ab291666cd3b859fa57e21c1821da20b393fdc81aee5fe80e6f1b008fabda413880a4fd4d724fef9ea37290641384edf23260c152f6a3f5491d7b
SSDEEP

3145728:PwyrS6jEpcXAo8UXvOuiMPNGsLE7Ji4SMl5:PwyrfjXQHUX2MP4Xb

Score

10^/10

ploutus agilenet atm backdoor discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Abdal FTP BruteForce 1.0.exe

Resource

win7-20240708-en

ploutus agilenet atm backdoor discovery

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Abdal FTP BruteForce 1.0.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  Abdal FTP BruteForce 1.0.exe
- Size
  
  142.0MB
- MD5
  
  b10bbefa03b5fd41ca93e729d10fe865
- SHA1
  
  2e3916e4fd64097f5a56207401aace3dfb57492f
- SHA256
  
  338b3026d18a25a1acebd822892226b41586cc9dfaaa1311e41006676e33cbdb
- SHA512
  
  51c97bb0867ab291666cd3b859fa57e21c1821da20b393fdc81aee5fe80e6f1b008fabda413880a4fd4d724fef9ea37290641384edf23260c152f6a3f5491d7b
- SSDEEP
  
  3145728:PwyrS6jEpcXAo8UXvOuiMPNGsLE7Ji4SMl5:PwyrfjXQHUX2MP4Xb
Score

10^/10

ploutus agilenet atm backdoor discovery
- Detected Ploutus loader
- Ploutus
  Ploutus is an ATM malware written in C#.
  backdoor atm ploutus
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ploutusagilenetatmbackdoordiscovery

behavioral2

© 2018-2024

Terms | Privacy