ploutus

Sharing

Copy URL

Twitter E-mail

General

Target

Paint.NET_v4.2.10.exe
Size

9.9MB
Sample

240902-ekn9ea1crn
MD5

29f8c3e869f2396f8640625c913b0b87
SHA1

1b7c0a1b3175ff37296fff1d8c65a25c6232cfdd
SHA256

165b5a81a861e79f1e333226cb8e120023a4df4ba913e62677fdbb43ca212c02
SHA512

34fa3218bc90a759e7975bcc4f3541080628ee3a42085c69d9cfa3aff62fd15e663c0c5936c0e17ab4ee7714e8ef205d2d69bf705ea650f0cfa5735140ef2404
SSDEEP

196608:uoOiJ3jKzTHHzUNl2PJk2g6RHZl22Cysj4Lk9gC4zuqWRZa5:uRi9Qn4OPJk/1h4LAgC4zFt5

Score

10^/10

Malware Config

Targets

- Target
  
  Paint.NET_v4.2.10.exe
- Size
  
  9.9MB
- MD5
  
  29f8c3e869f2396f8640625c913b0b87
- SHA1
  
  1b7c0a1b3175ff37296fff1d8c65a25c6232cfdd
- SHA256
  
  165b5a81a861e79f1e333226cb8e120023a4df4ba913e62677fdbb43ca212c02
- SHA512
  
  34fa3218bc90a759e7975bcc4f3541080628ee3a42085c69d9cfa3aff62fd15e663c0c5936c0e17ab4ee7714e8ef205d2d69bf705ea650f0cfa5735140ef2404
- SSDEEP
  
  196608:uoOiJ3jKzTHHzUNl2PJk2g6RHZl22Cysj4Lk9gC4zuqWRZa5:uRi9Qn4OPJk/1h4LAgC4zFt5
Score

10^/10

ploutus atm backdoor discovery
- Detected Ploutus loader
- Ploutus
  Ploutus is an ATM malware written in C#.
  backdoor atm ploutus
- Executes dropped EXE
- Loads dropped DLL
behavioral1
- Target
  
  PaintDotNet.SystemLayer.dll
- Size
  
  587KB
- MD5
  
  e6f63db25d665e0c211581312df16797
- SHA1
  
  2f48a1be6943625817c06c9b2f7887935bcf2384
- SHA256
  
  9c1789a4eee5a7ebcdf9b7d36781cfdda6e64728058fdcd54b5fccb45a7ec827
- SHA512
  
  459094186b01b244ae80dee321b7cf59075eeda21db4f989ce71b65031363c3ee2eb2a64da616f7b2c4be5e45654b286e1e7d1122aea338c1bde6e4778422fd6
- SSDEEP
  
  12288:U/qDjFbAfyNQjVi6oFydWw6Y7yGzbawWDlF1QX1uE8LIEy:UiDjZAfyycXydj1z/WDlF1cuE8L2
Score

1^/10
behavioral2
- Target
  
  PaintDotNet.exe
- Size
  
  1.9MB
- MD5
  
  95e69a189ecfd29573b0546039812cc4
- SHA1
  
  fcbdb781ec8f3ae705401bd5cabba6ee0301996d
- SHA256
  
  7a26dee46d62fc3cf3e9a736d87391110503b598a3eb9da3b95705b643bf3d60
- SHA512
  
  4c3a70dce20f8e7f027dc0ae52230a049f636a0e5e0db9f1a019602838b126678f66322ec6bd3944e4173e13a3aff08ce7b115536010f03f10be7fd7ad5994fb
- SSDEEP
  
  24576:fNNkp4r75srFQp/BWxBlnG8yh31Pkuh29GTjEc8:8FuoxPG9FPlh2X
Score

1^/10
behavioral3
- Target
  
  PaintDotNet_x64.msi
- Size
  
  42.1MB
- MD5
  
  31eb66f25819d9c80acba3d303e40698
- SHA1
  
  16195d7ace6f09041681f2bab2b019efe7512b60
- SHA256
  
  9ab5009f9d378785abb19f2e2e5cae5c6605c9309b365bb6e29f9a42e69e1eaf
- SHA512
  
  48a3381d666e30c08bd100cd19f1d146ee05c70f4e156582834bdcf429bbb58cca06be89a6efedd91c3567d539b0277cd6d95605578dc2a98ac3c6630bf3244b
- SSDEEP
  
  196608:UuSd3334PMCsfg9cQrAbJAkQMlbVPEAG+kaAG0Uf21d3334AX1aTFnD4YQzLMViw:P/MCsecGPM/jGVJ1mFDD9
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral4
- Target
  
  SetupShim.exe
- Size
  
  133KB
- MD5
  
  829f3a3164d7e6b1bd72a2412aefd0df
- SHA1
  
  2d656d236ea967245cb0b18d48355e4650863612
- SHA256
  
  40f630e6f8838fe6070fce2aef769530033d8bd6b8699e9565468a16f0e3f110
- SHA512
  
  7ddf8d47e1bb496fc83f865c92ee3f3b1aef7cfc4cacb63307dcdf931a33f700e8f3b2a225ee273412dd074883e3e389e5b94336cae98db0faa1284abbadfea4
- SSDEEP
  
  3072:2N8Hab73bFvqGnVFYvB6T8dhNgeae1U1P7oBVYoHoC8GAjuF6PfaMqVuipKYnTbM:2qs73bEXB7d1IPOopjuF63cKGvM
Score

3^/10

discovery
behavioral5
- Target
  
  System.AppContext.dll
- Size
  
  20KB
- MD5
  
  8cc4c7dfeb41b6c227488ce52d1a8e74
- SHA1
  
  93702135db0646b893babe030bd8dc15549ff0c2
- SHA256
  
  9dc115ac4aadd6a94d87c7a8a3f61803cc25a3d73501d7534867df6b0d8a0d39
- SHA512
  
  e4da7e3ae5ca31e566ea0475e83d69d998253fb6d689970703a5ad354a2aad1bb78d49a2c038f0a3c84a188d091696191b04e4a39253deb3b6cb310b72f02f97
- SSDEEP
  
  384:uDNxWQFW5+109m0GftpBj9yaQHRN7SAl78oSwDnu/L:uDNV+Vi+LSyaw6L
Score

1^/10
behavioral6
- Target
  
  System.Buffers.dll
- Size
  
  27KB
- MD5
  
  a65596a77e2e206a84237ece6ab21a1f
- SHA1
  
  bac34c8a68c12051c6f5395c5a759d7ab519a8ba
- SHA256
  
  72b10a7d404778fed460f3ff0204cf7e81a8a5a79c99132821928b63f6ae99cb
- SHA512
  
  e1fbea6c58f246f71b4b6a754cc3bf5f0aed802be6c9daa35ca4eddd0d6799e29ec3f64381f00f4f61330baf6b641819be4fdefb9b869b60acbed8994a407639
- SSDEEP
  
  384:H1IwSyJfREPFp/yXOTF7ZWYYWmDNIam0GftpBjnaQHRN7uCgfl3:HFRJWPLaXuwDNViVLu
Score

1^/10
behavioral7
- Target
  
  System.Collections.Concurrent.dll
- Size
  
  20KB
- MD5
  
  559c98eb9633c7ba1bc813f8e6e0e9a5
- SHA1
  
  311f52b31611e6dc5fd4c0159bfa452c22980ca7
- SHA256
  
  cc62f3b867d50083c2932061f20662c698d2e1a741c4d2f9df1fd2d435e3ef3c
- SHA512
  
  e241c16869d1cdbb2c6482a7c5b2af93de4ba0cef8185b8826eee35ecb174f35f7585c8ae0320f7f4f6b80f3bb5b3edae2383760f2f35637f03c3a0e38e0875c
- SSDEEP
  
  384:Jm2igOWnW8rWwvT1Dm0GftpBjVjaQHRN70lxBGDD:5t/1DVinjLSMD
Score

1^/10
behavioral8
- Target
  
  System.Collections.NonGeneric.dll
- Size
  
  20KB
- MD5
  
  45ff71114047dbf934c90e17677fa994
- SHA1
  
  526c688e71a7d7410007ad5aa6ea8b83cace76c5
- SHA256
  
  529943c0cdf24f57e94bf03fac5f40b94a638625027a02df79e1e8cb5d9bc696
- SHA512
  
  29684ac5391268eaa276196a6249364f6d23abfe59bdc304a561cf326cea6cd662fa04c05e15924fd6d3f9e9d1607992b8dcad3f817cfe891580f9d9462fe9b7
- SSDEEP
  
  384:2napn1iwwPWcGWNhvT1Dm0GftpBj/aQHRN7oIBldBoQAY0GP:lDuF91DVi1LoIzoJYR
Score

1^/10
behavioral9
- Target
  
  System.Collections.Specialized.dll
- Size
  
  20KB
- MD5
  
  b52c339601cb264f83df72d802e98687
- SHA1
  
  8bbb7badaaa912c1f17775e9acdcab389704c772
- SHA256
  
  938da38561da54793944e95e94b6e11cf83aacd667487297d428fbce1c06dc9c
- SHA512
  
  287f08ab07827570f9f3ef48a6d7e5c186899a2704fb3dbaf36975f6be7b29fb6695a69fab85a6f09bddefb60c79052c3a33cf862651f892eb9d773d880b3af8
- SSDEEP
  
  384:2ZHLaEav5aaUa6arWVLWOvT1Dm0GftpBjq1xFaQHRN71mldBoQAYu:rPv5t/NOF1DViQ1xFLcoJYu
Score

1^/10
behavioral10
- Target
  
  System.Collections.dll
- Size
  
  21KB
- MD5
  
  1d8aafeca1ea565b257384d3f64864b0
- SHA1
  
  4d923b100142afa2e0a8b7acdb3a6de6feb91148
- SHA256
  
  c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707
- SHA512
  
  99e4a226e1fabb348e7ef7c6fa56ad0ce4e4cf5d8569ce21881703dca8d83a1c113fd5f440a4fc9e9b99a04ae8cf4490e17d62ffc09cfac5a45678a4419efdbb
- SSDEEP
  
  384:h6iIJq56dOuWSKeWkvT1Dm0GftpBj0RaQHRN7T7lxBGDto:viAw1DViKRLTxMi
Score

1^/10
behavioral11
- Target
  
  System.ComponentModel.EventBasedAsync.dll
- Size
  
  21KB
- MD5
  
  6067ecbab3c6dddb6bf7c49c7948caa8
- SHA1
  
  5f3da777af01dbc159bd8d9d97d5dc105918afc5
- SHA256
  
  22108e32e0b6e42f5f52a4cb17b9b6fa3dfd547ecd9eef9c67226dbec54d23e5
- SHA512
  
  9f3e834b8342e0c7aa5ccc993b520d664b03f1f0091066c66067923e1d4991efa03f63908552538c05f423aa2b696de7c76993f71a7564f3e87662cb0fc00726
- SSDEEP
  
  384:/nzz+MpSaLWW0+WNC7Bm0GftpBjsY1xaDaQHRN7RlTZVkRzQ:npuAViVxaDLHZV+Q
Score

1^/10
behavioral12
- Target
  
  System.ComponentModel.Primitives.dll
- Size
  
  21KB
- MD5
  
  2f39655ccfc010e32a7240d9bf5d0852
- SHA1
  
  20aeaed12dfb8d71e39687350eb12bc0de372af0
- SHA256
  
  bfcd867f71c887429dfe008d7ec5d1853d15b3932d4ce8991694293477b5be37
- SHA512
  
  9769e59279a32f29c2f2c6970c81d3ed76fe3421b819ddffc8fa98329f1b45300c737fdf71956672f80f69b3a75727d184f8c421e00b84e94163a86cb744a991
- SSDEEP
  
  384:fGhr+YUfyHxsW/HWiC7Bm0GftpBjoEKaQHRN7VlO62gHcXn2d:MkmyViaLEg832d
Score

1^/10
behavioral13
- Target
  
  System.ComponentModel.TypeConverter.dll
- Size
  
  22KB
- MD5
  
  d1699287934da769fc31e07f80762511
- SHA1
  
  bfe2384a92b385665689ad5a72f23abc8c022d82
- SHA256
  
  0dbb92ecd5dfa7fc258bc6deed4cecf1b37f895457fd06976496926abdb317bb
- SHA512
  
  4fef3e1535f546ffdde0683f32a069beeffe89096524c7068f1f5ce8377824f82ae530d3990c9dd51bccaa9e53fded5613fa1174013325808059276dee771187
- SSDEEP
  
  384:BRE+ruiA5vzWeNWnvT1Dm0GftpBj94aQHRN7N+ql78oSwDnuQM:BS9bW1DVib4L5awfM
Score

1^/10
behavioral14
- Target
  
  System.ComponentModel.dll
- Size
  
  20KB
- MD5
  
  632cc8ad69b76fd9bb5847de1e1439f7
- SHA1
  
  2e32d50ec33ec6635681485b754f4e58d434a5ee
- SHA256
  
  5e61d755616cb10524f5f31e9b70c65a7fff8e30e25ce711ac8b354d657ab479
- SHA512
  
  9ba5cc82573308e5d995ba05bc660fc1c087eb91d8bd7efca6ff838a3c47bd6118d9c92919b2e0dac11a5a27977318c5c819499dc19cd5d6e57122a0749858c6
- SSDEEP
  
  384:HT+6ywnVvW0LWqvT1Dm0GftpBj+XaQHRN7qn0lTZVk0N:H9911DViYLqeZVdN
Score

1^/10
behavioral15
- Target
  
  System.Console.dll
- Size
  
  20KB
- MD5
  
  ea9376c17ee0148f0503028ad4501a92
- SHA1
  
  9d5686cbf45e90df5e11d87e7b90173a1a64b1a0
- SHA256
  
  b537313413f80105f143cc144feeae2ac93f44747727de309a71d57d2650034a
- SHA512
  
  18d1bb2d5c469644078d75766dbf04addf7d0c543f7ed15ff522ceeaef960900dd8ec68172f5d684b76b0aa6946bb38d641f021ec04c70ad66a6062c10412e0a
- SSDEEP
  
  384:iRbzriaXT+WlEWLC7Bm0GftpBjXUNZiTaQHRN7hldBoQAYv8:A7icYVisiTLToJYU
Score

1^/10
behavioral16
- Target
  
  System.Data.Common.dll
- Size
  
  150KB
- MD5
  
  d712a5a82a446086443ce00b610d8a5d
- SHA1
  
  7add96baa123db819f2f3d5aa62d6f872ce8fe14
- SHA256
  
  1c7bff6f16bb618648e699b723aeafe511515cd6aad699c25faae2a507e22811
- SHA512
  
  225128e58e2f01b5caada6fe54b1d32ff6a700542ce22b425649ab22da2944f796f04d1a2428c542bcab5348a161cf73f5f9a1e7bbf1f6417c4d507217fe3fd0
- SSDEEP
  
  3072:wdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+Pch:i+2jv1x0ebezWiumh
Score

1^/10
behavioral17
- Target
  
  System.Diagnostics.Contracts.dll
- Size
  
  21KB
- MD5
  
  99373ab10858746aad424f28b48277f5
- SHA1
  
  5042ee630a6c7c2986e8323a14d052c1d83b6f61
- SHA256
  
  9c4ae61e0e8365762efe3d34c5595029f2c12e0079e6070720e2cef0882c84e5
- SHA512
  
  e96f8fdd6ffb702d344746ce82de576bba8636ede3e39a7da18ccf8a0178b8346fd31140760b864f1487d7804d931ff1a18de07a4cafa0cf79bdb340421fc03f
- SSDEEP
  
  384:8RtRWjYWYvT1Dm0GftpBjaGaQHRN77TlgaGn73:+i61DViUGLHG7
Score

1^/10
behavioral18
- Target
  
  System.Diagnostics.Debug.dll
- Size
  
  20KB
- MD5
  
  8b8c402311d7ab87e588675e736414fd
- SHA1
  
  eb8c010a35b461402c1c33133f1b61c78be8425a
- SHA256
  
  55a30d92d163cf1807bea6dc13b4c13e70aebbb034dc77eaef4f4394730dcd8e
- SHA512
  
  d03f450a3a19320de71145e48cd7c088d9b50d0a683cc9a79d8967dce085a6f63cbe537fca1c6208865eb52eafb10189613c7233047318caeb2fb2c23c34a269
- SSDEEP
  
  384:IeWnoWMC7Bm0GftpBjVwaaQHRN7g20lgaGn771Y:InTViMaLnYGtY
Score

1^/10
behavioral19
- Target
  
  System.Diagnostics.FileVersionInfo.dll
- Size
  
  20KB
- MD5
  
  0d9a641105098d642567b22101a4de0b
- SHA1
  
  12419c25d1c2eb706a4e4e649ee353ceda7446a9
- SHA256
  
  7c25a74772e135257235640a0264ddc05235e14f3627896cfe735e9955155f83
- SHA512
  
  fd4560cdf01de237ddf797a33c5dbc220d3fcae07ede17d43c39f5562e36e03646676a87e20699d7603fca6d84f66c8756eb863dd4727b7e1a499619bb88dde1
- SSDEEP
  
  384:m6oWJjWlC7Bm0GftpBjJeiaQHRN7t2H9lO62gHcXq:m6vpVi+iLtecg8a
Score

1^/10
behavioral20
- Target
  
  System.Diagnostics.Process.dll
- Size
  
  21KB
- MD5
  
  d86b0aca05321569d9383dc7c4e9e934
- SHA1
  
  2ef7d0a222c3a3e564b3c72d5b71a5be40a7adea
- SHA256
  
  28b165cddb82a2507114394ae398995ef8a50c549214f8678aa66054f6927754
- SHA512
  
  5959e1129c983825233a07869dd1b2b1db32830d2b5f6b7f8d869c39a76a241f88f76d37341fdfbf56f000fc6acba19aeb36a7efb94721494b41b65bf4978651
- SSDEEP
  
  384:Gqk53/hW3fZ+zWQC7Bm0GftpBj6dlwaQHRN7q5blgaGn7i:Gqk53MpViywLGbGu
Score

1^/10
behavioral21
- Target
  
  System.Diagnostics.StackTrace.dll
- Size
  
  23KB
- MD5
  
  fa98a0f020248c2be1dd40c07092f22a
- SHA1
  
  ef6b3ccff90beddab5ce6f60b4cc23f75edfd009
- SHA256
  
  cae99f910874288afbf810968d13b79d755cd4b2006609ec036ea4934181cba5
- SHA512
  
  554a25c761102dc41a9e421621e329868d1162ab29f47e59754c8fcfae0c12bbe8200e1b5975abf926f1de0977a5407c43202ac8a2801c69a7f01d95b6a1e959
- SSDEEP
  
  384:TFCc4Y4OJWfOWqWWOWYDzDm0GftpBjnZaQHRN7IlDggA:RCcyCSVifLeLA
Score

1^/10
behavioral22
- Target
  
  System.Diagnostics.TextWriterTraceListener.dll
- Size
  
  20KB
- MD5
  
  a964808487e671bb369dbc0e4dc5a947
- SHA1
  
  c3848473e42e2f9b4d0a00180ea9ade654432587
- SHA256
  
  63eab38ee9f4dcd686c8e6a4f01e1e2a9bb91e52b20ab4dde0c28061e9261860
- SHA512
  
  7352368b68835ecc9c5943ae2f2bd5cab775a7fbb018af7683e74fad1731a9738ae14ebe0bccd854a223ab762fca7ec11411fdae865c5c6ddd034900fa55cfd0
- SSDEEP
  
  384:EAWxMW3QvT1Dm0GftpBj1ROaQHRN7gIlBLY6fc8:Evxs1DVidOLgEYA
Score

1^/10
behavioral23
- Target
  
  System.Diagnostics.Tools.dll
- Size
  
  20KB
- MD5
  
  27c7d752c11c3f43f28eb31968e73e2b
- SHA1
  
  51e466218025126c5e524afd2086f4ab0bf3660a
- SHA256
  
  260c6250ef9b57dca99b4cecc533f9a34857b5a32b5351202f776163841200aa
- SHA512
  
  393d1747911a7f91f4c4f4f363a3782f24e00431478088da454823a223a4e75e51d9b010fc5d9746e2bf0185be90071b6cb70c777337d718b39151eef6b486aa
- SSDEEP
  
  384:UUAlcWHaWlvT1Dm0GftpBjXGIRaQHRN7/lBLY6fIi:29N1DVihGIRL/Yni
Score

1^/10
behavioral24
- Target
  
  System.Diagnostics.TraceSource.dll
- Size
  
  21KB
- MD5
  
  37be4cce0ed037f8d9a7a3940bd2a2e1
- SHA1
  
  96314ec1a59e4bb53c5b609bf79ad4c998a7a988
- SHA256
  
  c81a57d0634c462a6cf49844059e9b170f650ccdf0789519ffd4ae7d28e2718d
- SHA512
  
  cedac24f414cce5053fdf10779dbd153fcebad69b3960f75a5ab1110da18799c79dc01b30269641022fcd874a331bc2dc7ce1a7d1a60dc90e109dd55b58665db
- SSDEEP
  
  384:K8IZnWlNWM+109m0GftpBjBPaQHRN7401lTZVkAa:xUynViXPLrbZVs
Score

1^/10
behavioral25
- Target
  
  System.Diagnostics.Tracing.dll
- Size
  
  30KB
- MD5
  
  60f59659db517c2f4dd4c5c583d43097
- SHA1
  
  87ed79d195d8d93ae1155af08857f751a7eca245
- SHA256
  
  b84b93be455cc7d14ec0c88ce08dafac7b6aac2e549c969e7126eb48c31f8b1c
- SHA512
  
  90bcea3baa04146f08013a832633957c6d511d5eb52270575ef9a571153384b5a02c5026361b70940775907b5bc710b2c91627eeace432744f3b9e5e1ed509d6
- SSDEEP
  
  384:GlQnCMi33333333kj8xe+5PTYM3zUy+CezHjzgKj0uRWOdWmWJdWo3szm0GftpBp:8Qq33333333kX+TBi8P8zViDdsLHH0D
Score

1^/10
behavioral26
- Target
  
  System.Drawing.Primitives.dll
- Size
  
  20KB
- MD5
  
  29b0a1554e54611ebba7911049f26fd3
- SHA1
  
  d707745e72d2f39374f2d28af52aaab7888b93ab
- SHA256
  
  2805a18724a24034ad6acb315dac516e479cecc5f3753204052657e560932d5d
- SHA512
  
  17558306a611bfac6982d5650335b05ea407191290b653c028896142ebee2abceb22f7d71926fbbcc3fab8227c61a5fda0e770abfca021ac7f891c9c7ee42e81
- SSDEEP
  
  384:R28YFlXulWY/W1+109m0GftpBjIaQHRN7T/8ldBoQAYBS:R0qMViaLTwoJYBS
Score

1^/10
behavioral27
- Target
  
  System.Dynamic.Runtime.dll
- Size
  
  21KB
- MD5
  
  c5cadb1409f25b6a1c7a6dd4c2df236b
- SHA1
  
  a994c87352486d433a06943c01329dd721ab343f
- SHA256
  
  f600acc811720183c639cebe5618baf9c8135b85b9cbdc0758bc9b2dcc6dd7a9
- SHA512
  
  6bd6e482533b9ff8fff8823f84cde7191a0fd5575f76891a95e99cd1f5c1122ef92b436745ec9583089445fd5eac795181759080b1d83ccfa1eed31d9cce3af0
- SSDEEP
  
  384:puMLcdQ5MW9MWf+109m0GftpBjMR5aQHRN7Ljl78oSwDnuB3:AOcSpxVi2Lhawi
Score

1^/10
behavioral28
- Target
  
  System.Globalization.Calendars.dll
- Size
  
  21KB
- MD5
  
  ac2f4b435ddf0600d7a866f42f3b40d9
- SHA1
  
  0564ff7f7e6084bd6d02d8e6a4127d1c878b3fa6
- SHA256
  
  b56ffb65b842daae13f3020b0b04646db92f89801d2a2f89087d145a996d43f7
- SHA512
  
  dc3e9c3b4d732801dcf43cfd6cdd2672f01e03cb99d804a3f4803fddb9ca9817bcfd2f96fd94b7b33db0994f5478ce200c048db5dbb78d3b24e950262ebf4d28
- SSDEEP
  
  384:3Z7RqXWDRqlRqj0RqFWX5Twm0GftpBjGRqazmHaQHRN76RqIil3uVogC:J9qKqjqjuq0wViGqRLoqItV7C
Score

1^/10
behavioral29
- Target
  
  System.Globalization.Extensions.dll
- Size
  
  25KB
- MD5
  
  c7c93de0627833900b8379fd181b7351
- SHA1
  
  2cb98f9622f57a0a9e037a378519aa6a271302f6
- SHA256
  
  c7e91bd148ed22ee1ff8ebd3e58b199a30af90aa37499bcf8da34409672f2ed9
- SHA512
  
  1067bacc4495eacbc27937b54780b97da62fed1af66158e2fa492fc82b068d49bb49bc20c3c82c22d8edd300bd7b097e14aa1e317f1789744e188bca15d22b4d
- SSDEEP
  
  384:MNBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9WQDzDm0GftpBjeXRsTUbaQHR/:MvMhF2SzNzwu/Nlju/ViCLLsBy
Score

1^/10
behavioral30
- Target
  
  System.Globalization.dll
- Size
  
  20KB
- MD5
  
  ae023bb0beee5189a07c7fd4e0cf3fca
- SHA1
  
  846711d4161a3950facdef97037898a71f4efda1
- SHA256
  
  56bd0c02c734abf4d7fd1ef2e8b6a9e4bf5e4bab4e606cd1023d63b02852fa61
- SHA512
  
  62305027ae8bb5b830630fe54f2cf9e607f9b97ffe28912c2cb15d429252668f17eaf2d7ceecf5601c889d5ea52e0b9100f115173bb11b5d6208171792833c85
- SSDEEP
  
  384:gZ4RLWdRfRJ0RZWw+109m0GftpBjPWR+HaQHRN71RNl78oSwDnud:gZK0pJujViFc6LzrawS
Score

1^/10
behavioral31
- Target
  
  System.IO.Compression.ZipFile.dll
- Size
  
  20KB
- MD5
  
  bb1a520f25bb93ace4dd0a060fba677d
- SHA1
  
  92bf07ccf32eb9fdf06f446a256e0271c4028bf0
- SHA256
  
  7720ee13405ea8a3c204703a181e67dc6d66835e9df263c09d04d8b48b41eb26
- SHA512
  
  9288148ec879ebeafd53c225854ee3bd3768ba5c7b829d6af1251d20ac301fc27a04bebb603fe2cde6949bc5968fde717e8b747337c1ad872450d26f7c36f515
- SSDEEP
  
  384:OYWsmWs+109m0GftpBjncaQHRN7QlgaGn7G7:O28ViGLMGG
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detected Ploutus loader

Executes dropped EXE

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32