ploutus | 8d022a2eb23de6c1a15af83b3dbb51598e121e8488a1a4c1341e3296857c20c8

Sharing

Copy URL

Twitter E-mail

General

Target

8d022a2eb23de6c1a15af83b3dbb51598e121e8488a1a4c1341e3296857c20c8
Size

13.2MB
MD5

4d6d1b271a4c108fce94d992f37ebb50
SHA1

61a8432a7a0b9362ffabaecfe3aef5e42d707830
SHA256

8d022a2eb23de6c1a15af83b3dbb51598e121e8488a1a4c1341e3296857c20c8
SHA512

0117b373e4d8a7f7d8096d65f47862f22e929018dec9b209de3ebdf9ead246b1d4d88d45638a98da52afa79ba1560a878fac259f1877537243c08285528c5d3f
SSDEEP

393216:ZzCn+O7YjNcbB041Yfmn3wjmc1KbRtjh4/j5:9CnYjyBifljQRtG/l

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/x360ce/data/Reg.data	family_ploutus

Ploutus family
ploutus

Files

8d022a2eb23de6c1a15af83b3dbb51598e121e8488a1a4c1341e3296857c20c8
.zip
x360ce/data/Reg.data
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:6e:54:ff:9f:9c:e0:f8:ea:cb:e7:a0:ab:56:9d:32
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

06-09-2018 00:00

Not After

05-09-2028 23:59

Subject

CN=GoGetSSL RSA Codesigning CA,O=GoGetSSL,L=Riga,C=LV

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:c7:a2:8d:3a:6f:d3:39:ec:e4:bf:53:58:03:b5:16
Certificate

Issuer

CN=GoGetSSL RSA Codesigning CA,O=GoGetSSL,L=Riga,C=LV

Not Before

01-08-2020 00:00

Not After

01-08-2023 23:59

Subject

CN=Evaldas Jocys,O=Evaldas Jocys,POSTALCODE=W12 0LX,STREET=Wormholt Road+STREET=5 Cleverly Estate,L=London,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:56:43:57:63:22:9e:04:ce:38:45:79:02:4c:9b:30:e6:57:8c:79:e9:00:79:14:e5:82:aa:8a:b1:91:38:46
Signer

Actual PE Digest

c3:56:43:57:63:22:9e:04:ce:38:45:79:02:4c:9b:30:e6:57:8c:79:e9:00:79:14:e5:82:aa:8a:b1:91:38:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

x360ce.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 14.6MB - Virtual size: 14.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x360ce/data/Reg.dll
.vbs
x360ce/x360ce.exe
.exe windows:4 windows x64 arch:x64

Code Sign

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:4f:4b:a2:5c:15:e3:bb:08:87:e8:b9:d1:ee:2b:ff
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

04-04-2024 13:37

Not After

04-04-2025 13:37

Subject

SERIALNUMBER=1078191-6,CN=Advantium Consulting Inc.,O=Advantium Consulting Inc.,L=Oakville,ST=Ontario,C=CA,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19-02-2024 16:18

Not After

16-02-2034 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13-11-2019 18:50

Not After

12-11-2034 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:e4:1e:84:81:0e:bd:bb:6a:c2:4c:5b:46:b4:f4:8c:ee:b2:66:13:64:70:79:02:fb:75:45:cf:42:a7:5a:1b
Signer

Actual PE Digest

db:e4:1e:84:81:0e:bd:bb:6a:c2:4c:5b:46:b4:f4:8c:ee:b2:66:13:64:70:79:02:fb:75:45:cf:42:a7:5a:1b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\source\repos\Sentinel\Sentinel\Sentinel\obj\x64\Release\x360ce.pdb

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1a:6e:54:ff:9f:9c:e0:f8:ea:cb:e7:a0:ab:56:9d:32Certificate

Extended Key Usages

Key Usages

6c:c7:a2:8d:3a:6f:d3:39:ec:e4:bf:53:58:03:b5:16Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c3:56:43:57:63:22:9e:04:ce:38:45:79:02:4c:9b:30:e6:57:8c:79:e9:00:79:14:e5:82:aa:8a:b1:91:38:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 14.6MB - Virtual size: 14.6MB

.rsrc Size: 146KB - Virtual size: 145KB

.reloc Size: 512B - Virtual size: 12B

Code Sign

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

2e:4f:4b:a2:5c:15:e3:bb:08:87:e8:b9:d1:ee:2b:ffCertificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

db:e4:1e:84:81:0e:bd:bb:6a:c2:4c:5b:46:b4:f4:8c:ee:b2:66:13:64:70:79:02:fb:75:45:cf:42:a7:5a:1bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 5KB - Virtual size: 4KB

.rsrc Size: 148KB - Virtual size: 148KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1a:6e:54:ff:9f:9c:e0:f8:ea:cb:e7:a0:ab:56:9d:32
Certificate

6c:c7:a2:8d:3a:6f:d3:39:ec:e4:bf:53:58:03:b5:16
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c3:56:43:57:63:22:9e:04:ce:38:45:79:02:4c:9b:30:e6:57:8c:79:e9:00:79:14:e5:82:aa:8a:b1:91:38:46
Signer

.text
Size: 14.6MB - Virtual size: 14.6MB

.rsrc
Size: 146KB - Virtual size: 145KB

.reloc
Size: 512B - Virtual size: 12B

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

2e:4f:4b:a2:5c:15:e3:bb:08:87:e8:b9:d1:ee:2b:ff
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

db:e4:1e:84:81:0e:bd:bb:6a:c2:4c:5b:46:b4:f4:8c:ee:b2:66:13:64:70:79:02:fb:75:45:cf:42:a7:5a:1b
Signer

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 148KB - Virtual size: 148KB