Overview

overview

10

Static

static

10

Paint.NET_v4.2.10.exe

windows11-21h2-x64

10

PaintDotNe...er.dll

windows11-21h2-x64

1

PaintDotNet.exe

windows11-21h2-x64

1

PaintDotNet_x64.msi

windows11-21h2-x64

6

SetupShim.exe

windows11-21h2-x64

3

System.AppContext.dll

windows11-21h2-x64

1

System.Buffers.dll

windows11-21h2-x64

1

System.Col...nt.dll

windows11-21h2-x64

1

System.Col...ic.dll

windows11-21h2-x64

1

System.Col...ed.dll

windows11-21h2-x64

1

System.Col...ns.dll

windows11-21h2-x64

1

System.Com...nc.dll

windows11-21h2-x64

1

System.Com...es.dll

windows11-21h2-x64

1

System.Com...er.dll

windows11-21h2-x64

1

System.Com...el.dll

windows11-21h2-x64

1

System.Console.dll

windows11-21h2-x64

1

System.Dat...on.dll

windows11-21h2-x64

1

System.Dia...ts.dll

windows11-21h2-x64

1

System.Dia...ug.dll

windows11-21h2-x64

1

System.Dia...fo.dll

windows11-21h2-x64

1

System.Dia...ss.dll

windows11-21h2-x64

1

System.Dia...ce.dll

windows11-21h2-x64

1

System.Dia...er.dll

windows11-21h2-x64

1

System.Dia...ls.dll

windows11-21h2-x64

1

System.Dia...ce.dll

windows11-21h2-x64

1

System.Dia...ng.dll

windows11-21h2-x64

1

System.Dra...es.dll

windows11-21h2-x64

1

System.Dyn...me.dll

windows11-21h2-x64

1

System.Glo...rs.dll

windows11-21h2-x64

1

System.Glo...ns.dll

windows11-21h2-x64

1

System.Glo...on.dll

windows11-21h2-x64

1

System.IO....le.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Paint.NET_v4.2.10.exe

  • Size

    9.9MB

  • Sample

    240902-ekn9ea1crn

  • MD5

    29f8c3e869f2396f8640625c913b0b87

  • SHA1

    1b7c0a1b3175ff37296fff1d8c65a25c6232cfdd

  • SHA256

    165b5a81a861e79f1e333226cb8e120023a4df4ba913e62677fdbb43ca212c02

  • SHA512

    34fa3218bc90a759e7975bcc4f3541080628ee3a42085c69d9cfa3aff62fd15e663c0c5936c0e17ab4ee7714e8ef205d2d69bf705ea650f0cfa5735140ef2404

  • SSDEEP

    196608:uoOiJ3jKzTHHzUNl2PJk2g6RHZl22Cysj4Lk9gC4zuqWRZa5:uRi9Qn4OPJk/1h4LAgC4zFt5

Score
10/10
ploutusatmbackdoordiscoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Paint.NET_v4.2.10.exe

    • Size

      9.9MB

    • MD5

      29f8c3e869f2396f8640625c913b0b87

    • SHA1

      1b7c0a1b3175ff37296fff1d8c65a25c6232cfdd

    • SHA256

      165b5a81a861e79f1e333226cb8e120023a4df4ba913e62677fdbb43ca212c02

    • SHA512

      34fa3218bc90a759e7975bcc4f3541080628ee3a42085c69d9cfa3aff62fd15e663c0c5936c0e17ab4ee7714e8ef205d2d69bf705ea650f0cfa5735140ef2404

    • SSDEEP

      196608:uoOiJ3jKzTHHzUNl2PJk2g6RHZl22Cysj4Lk9gC4zuqWRZa5:uRi9Qn4OPJk/1h4LAgC4zFt5

    Score
    10/10
    ploutusatmbackdoordiscovery

    • Detected Ploutus loader

    • Ploutus

      Ploutus is an ATM malware written in C#.

      backdooratmploutus

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1

    • Target

      PaintDotNet.SystemLayer.dll

    • Size

      587KB

    • MD5

      e6f63db25d665e0c211581312df16797

    • SHA1

      2f48a1be6943625817c06c9b2f7887935bcf2384

    • SHA256

      9c1789a4eee5a7ebcdf9b7d36781cfdda6e64728058fdcd54b5fccb45a7ec827

    • SHA512

      459094186b01b244ae80dee321b7cf59075eeda21db4f989ce71b65031363c3ee2eb2a64da616f7b2c4be5e45654b286e1e7d1122aea338c1bde6e4778422fd6

    • SSDEEP

      12288:U/qDjFbAfyNQjVi6oFydWw6Y7yGzbawWDlF1QX1uE8LIEy:UiDjZAfyycXydj1z/WDlF1cuE8L2

    Score
    1/10
    behavioral2

    • Target

      PaintDotNet.exe

    • Size

      1.9MB

    • MD5

      95e69a189ecfd29573b0546039812cc4

    • SHA1

      fcbdb781ec8f3ae705401bd5cabba6ee0301996d

    • SHA256

      7a26dee46d62fc3cf3e9a736d87391110503b598a3eb9da3b95705b643bf3d60

    • SHA512

      4c3a70dce20f8e7f027dc0ae52230a049f636a0e5e0db9f1a019602838b126678f66322ec6bd3944e4173e13a3aff08ce7b115536010f03f10be7fd7ad5994fb

    • SSDEEP

      24576:fNNkp4r75srFQp/BWxBlnG8yh31Pkuh29GTjEc8:8FuoxPG9FPlh2X

    Score
    1/10
    behavioral3

    • Target

      PaintDotNet_x64.msi

    • Size

      42.1MB

    • MD5

      31eb66f25819d9c80acba3d303e40698

    • SHA1

      16195d7ace6f09041681f2bab2b019efe7512b60

    • SHA256

      9ab5009f9d378785abb19f2e2e5cae5c6605c9309b365bb6e29f9a42e69e1eaf

    • SHA512

      48a3381d666e30c08bd100cd19f1d146ee05c70f4e156582834bdcf429bbb58cca06be89a6efedd91c3567d539b0277cd6d95605578dc2a98ac3c6630bf3244b

    • SSDEEP

      196608:UuSd3334PMCsfg9cQrAbJAkQMlbVPEAG+kaAG0Uf21d3334AX1aTFnD4YQzLMViw:P/MCsecGPM/jGVJ1mFDD9

    Score
    6/10
    discoverypersistenceprivilege_escalation

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral4

    • Target

      SetupShim.exe

    • Size

      133KB

    • MD5

      829f3a3164d7e6b1bd72a2412aefd0df

    • SHA1

      2d656d236ea967245cb0b18d48355e4650863612

    • SHA256

      40f630e6f8838fe6070fce2aef769530033d8bd6b8699e9565468a16f0e3f110

    • SHA512

      7ddf8d47e1bb496fc83f865c92ee3f3b1aef7cfc4cacb63307dcdf931a33f700e8f3b2a225ee273412dd074883e3e389e5b94336cae98db0faa1284abbadfea4

    • SSDEEP

      3072:2N8Hab73bFvqGnVFYvB6T8dhNgeae1U1P7oBVYoHoC8GAjuF6PfaMqVuipKYnTbM:2qs73bEXB7d1IPOopjuF63cKGvM

    Score
    3/10
    discovery
    behavioral5

    • Target

      System.AppContext.dll

    • Size

      20KB

    • MD5

      8cc4c7dfeb41b6c227488ce52d1a8e74

    • SHA1

      93702135db0646b893babe030bd8dc15549ff0c2

    • SHA256

      9dc115ac4aadd6a94d87c7a8a3f61803cc25a3d73501d7534867df6b0d8a0d39

    • SHA512

      e4da7e3ae5ca31e566ea0475e83d69d998253fb6d689970703a5ad354a2aad1bb78d49a2c038f0a3c84a188d091696191b04e4a39253deb3b6cb310b72f02f97

    • SSDEEP

      384:uDNxWQFW5+109m0GftpBj9yaQHRN7SAl78oSwDnu/L:uDNV+Vi+LSyaw6L

    Score
    1/10
    behavioral6

    • Target

      System.Buffers.dll

    • Size

      27KB

    • MD5

      a65596a77e2e206a84237ece6ab21a1f

    • SHA1

      bac34c8a68c12051c6f5395c5a759d7ab519a8ba

    • SHA256

      72b10a7d404778fed460f3ff0204cf7e81a8a5a79c99132821928b63f6ae99cb

    • SHA512

      e1fbea6c58f246f71b4b6a754cc3bf5f0aed802be6c9daa35ca4eddd0d6799e29ec3f64381f00f4f61330baf6b641819be4fdefb9b869b60acbed8994a407639

    • SSDEEP

      384:H1IwSyJfREPFp/yXOTF7ZWYYWmDNIam0GftpBjnaQHRN7uCgfl3:HFRJWPLaXuwDNViVLu

    Score
    1/10
    behavioral7

    • Target

      System.Collections.Concurrent.dll

    • Size

      20KB

    • MD5

      559c98eb9633c7ba1bc813f8e6e0e9a5

    • SHA1

      311f52b31611e6dc5fd4c0159bfa452c22980ca7

    • SHA256

      cc62f3b867d50083c2932061f20662c698d2e1a741c4d2f9df1fd2d435e3ef3c

    • SHA512

      e241c16869d1cdbb2c6482a7c5b2af93de4ba0cef8185b8826eee35ecb174f35f7585c8ae0320f7f4f6b80f3bb5b3edae2383760f2f35637f03c3a0e38e0875c

    • SSDEEP

      384:Jm2igOWnW8rWwvT1Dm0GftpBjVjaQHRN70lxBGDD:5t/1DVinjLSMD

    Score
    1/10
    behavioral8

    • Target

      System.Collections.NonGeneric.dll

    • Size

      20KB

    • MD5

      45ff71114047dbf934c90e17677fa994

    • SHA1

      526c688e71a7d7410007ad5aa6ea8b83cace76c5

    • SHA256

      529943c0cdf24f57e94bf03fac5f40b94a638625027a02df79e1e8cb5d9bc696

    • SHA512

      29684ac5391268eaa276196a6249364f6d23abfe59bdc304a561cf326cea6cd662fa04c05e15924fd6d3f9e9d1607992b8dcad3f817cfe891580f9d9462fe9b7

    • SSDEEP

      384:2napn1iwwPWcGWNhvT1Dm0GftpBj/aQHRN7oIBldBoQAY0GP:lDuF91DVi1LoIzoJYR

    Score
    1/10
    behavioral9

    • Target

      System.Collections.Specialized.dll

    • Size

      20KB

    • MD5

      b52c339601cb264f83df72d802e98687

    • SHA1

      8bbb7badaaa912c1f17775e9acdcab389704c772

    • SHA256

      938da38561da54793944e95e94b6e11cf83aacd667487297d428fbce1c06dc9c

    • SHA512

      287f08ab07827570f9f3ef48a6d7e5c186899a2704fb3dbaf36975f6be7b29fb6695a69fab85a6f09bddefb60c79052c3a33cf862651f892eb9d773d880b3af8

    • SSDEEP

      384:2ZHLaEav5aaUa6arWVLWOvT1Dm0GftpBjq1xFaQHRN71mldBoQAYu:rPv5t/NOF1DViQ1xFLcoJYu

    Score
    1/10
    behavioral10

    • Target

      System.Collections.dll

    • Size

      21KB

    • MD5

      1d8aafeca1ea565b257384d3f64864b0

    • SHA1

      4d923b100142afa2e0a8b7acdb3a6de6feb91148

    • SHA256

      c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707

    • SHA512

      99e4a226e1fabb348e7ef7c6fa56ad0ce4e4cf5d8569ce21881703dca8d83a1c113fd5f440a4fc9e9b99a04ae8cf4490e17d62ffc09cfac5a45678a4419efdbb

    • SSDEEP

      384:h6iIJq56dOuWSKeWkvT1Dm0GftpBj0RaQHRN7T7lxBGDto:viAw1DViKRLTxMi

    Score
    1/10
    behavioral11

    • Target

      System.ComponentModel.EventBasedAsync.dll

    • Size

      21KB

    • MD5

      6067ecbab3c6dddb6bf7c49c7948caa8

    • SHA1

      5f3da777af01dbc159bd8d9d97d5dc105918afc5

    • SHA256

      22108e32e0b6e42f5f52a4cb17b9b6fa3dfd547ecd9eef9c67226dbec54d23e5

    • SHA512

      9f3e834b8342e0c7aa5ccc993b520d664b03f1f0091066c66067923e1d4991efa03f63908552538c05f423aa2b696de7c76993f71a7564f3e87662cb0fc00726

    • SSDEEP

      384:/nzz+MpSaLWW0+WNC7Bm0GftpBjsY1xaDaQHRN7RlTZVkRzQ:npuAViVxaDLHZV+Q

    Score
    1/10
    behavioral12

    • Target

      System.ComponentModel.Primitives.dll

    • Size

      21KB

    • MD5

      2f39655ccfc010e32a7240d9bf5d0852

    • SHA1

      20aeaed12dfb8d71e39687350eb12bc0de372af0

    • SHA256

      bfcd867f71c887429dfe008d7ec5d1853d15b3932d4ce8991694293477b5be37

    • SHA512

      9769e59279a32f29c2f2c6970c81d3ed76fe3421b819ddffc8fa98329f1b45300c737fdf71956672f80f69b3a75727d184f8c421e00b84e94163a86cb744a991

    • SSDEEP

      384:fGhr+YUfyHxsW/HWiC7Bm0GftpBjoEKaQHRN7VlO62gHcXn2d:MkmyViaLEg832d

    Score
    1/10
    behavioral13

    • Target

      System.ComponentModel.TypeConverter.dll

    • Size

      22KB

    • MD5

      d1699287934da769fc31e07f80762511

    • SHA1

      bfe2384a92b385665689ad5a72f23abc8c022d82

    • SHA256

      0dbb92ecd5dfa7fc258bc6deed4cecf1b37f895457fd06976496926abdb317bb

    • SHA512

      4fef3e1535f546ffdde0683f32a069beeffe89096524c7068f1f5ce8377824f82ae530d3990c9dd51bccaa9e53fded5613fa1174013325808059276dee771187

    • SSDEEP

      384:BRE+ruiA5vzWeNWnvT1Dm0GftpBj94aQHRN7N+ql78oSwDnuQM:BS9bW1DVib4L5awfM

    Score
    1/10
    behavioral14

    • Target

      System.ComponentModel.dll

    • Size

      20KB

    • MD5

      632cc8ad69b76fd9bb5847de1e1439f7

    • SHA1

      2e32d50ec33ec6635681485b754f4e58d434a5ee

    • SHA256

      5e61d755616cb10524f5f31e9b70c65a7fff8e30e25ce711ac8b354d657ab479

    • SHA512

      9ba5cc82573308e5d995ba05bc660fc1c087eb91d8bd7efca6ff838a3c47bd6118d9c92919b2e0dac11a5a27977318c5c819499dc19cd5d6e57122a0749858c6

    • SSDEEP

      384:HT+6ywnVvW0LWqvT1Dm0GftpBj+XaQHRN7qn0lTZVk0N:H9911DViYLqeZVdN

    Score
    1/10
    behavioral15

    • Target

      System.Console.dll

    • Size

      20KB

    • MD5

      ea9376c17ee0148f0503028ad4501a92

    • SHA1

      9d5686cbf45e90df5e11d87e7b90173a1a64b1a0

    • SHA256

      b537313413f80105f143cc144feeae2ac93f44747727de309a71d57d2650034a

    • SHA512

      18d1bb2d5c469644078d75766dbf04addf7d0c543f7ed15ff522ceeaef960900dd8ec68172f5d684b76b0aa6946bb38d641f021ec04c70ad66a6062c10412e0a

    • SSDEEP

      384:iRbzriaXT+WlEWLC7Bm0GftpBjXUNZiTaQHRN7hldBoQAYv8:A7icYVisiTLToJYU

    Score
    1/10
    behavioral16

    • Target

      System.Data.Common.dll

    • Size

      150KB

    • MD5

      d712a5a82a446086443ce00b610d8a5d

    • SHA1

      7add96baa123db819f2f3d5aa62d6f872ce8fe14

    • SHA256

      1c7bff6f16bb618648e699b723aeafe511515cd6aad699c25faae2a507e22811

    • SHA512

      225128e58e2f01b5caada6fe54b1d32ff6a700542ce22b425649ab22da2944f796f04d1a2428c542bcab5348a161cf73f5f9a1e7bbf1f6417c4d507217fe3fd0

    • SSDEEP

      3072:wdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+Pch:i+2jv1x0ebezWiumh

    Score
    1/10
    behavioral17

    • Target

      System.Diagnostics.Contracts.dll

    • Size

      21KB

    • MD5

      99373ab10858746aad424f28b48277f5

    • SHA1

      5042ee630a6c7c2986e8323a14d052c1d83b6f61

    • SHA256

      9c4ae61e0e8365762efe3d34c5595029f2c12e0079e6070720e2cef0882c84e5

    • SHA512

      e96f8fdd6ffb702d344746ce82de576bba8636ede3e39a7da18ccf8a0178b8346fd31140760b864f1487d7804d931ff1a18de07a4cafa0cf79bdb340421fc03f

    • SSDEEP

      384:8RtRWjYWYvT1Dm0GftpBjaGaQHRN77TlgaGn73:+i61DViUGLHG7

    Score
    1/10
    behavioral18

    • Target

      System.Diagnostics.Debug.dll

    • Size

      20KB

    • MD5

      8b8c402311d7ab87e588675e736414fd

    • SHA1

      eb8c010a35b461402c1c33133f1b61c78be8425a

    • SHA256

      55a30d92d163cf1807bea6dc13b4c13e70aebbb034dc77eaef4f4394730dcd8e

    • SHA512

      d03f450a3a19320de71145e48cd7c088d9b50d0a683cc9a79d8967dce085a6f63cbe537fca1c6208865eb52eafb10189613c7233047318caeb2fb2c23c34a269

    • SSDEEP

      384:IeWnoWMC7Bm0GftpBjVwaaQHRN7g20lgaGn771Y:InTViMaLnYGtY

    Score
    1/10
    behavioral19

    • Target

      System.Diagnostics.FileVersionInfo.dll

    • Size

      20KB

    • MD5

      0d9a641105098d642567b22101a4de0b

    • SHA1

      12419c25d1c2eb706a4e4e649ee353ceda7446a9

    • SHA256

      7c25a74772e135257235640a0264ddc05235e14f3627896cfe735e9955155f83

    • SHA512

      fd4560cdf01de237ddf797a33c5dbc220d3fcae07ede17d43c39f5562e36e03646676a87e20699d7603fca6d84f66c8756eb863dd4727b7e1a499619bb88dde1

    • SSDEEP

      384:m6oWJjWlC7Bm0GftpBjJeiaQHRN7t2H9lO62gHcXq:m6vpVi+iLtecg8a

    Score
    1/10
    behavioral20

    • Target

      System.Diagnostics.Process.dll

    • Size

      21KB

    • MD5

      d86b0aca05321569d9383dc7c4e9e934

    • SHA1

      2ef7d0a222c3a3e564b3c72d5b71a5be40a7adea

    • SHA256

      28b165cddb82a2507114394ae398995ef8a50c549214f8678aa66054f6927754

    • SHA512

      5959e1129c983825233a07869dd1b2b1db32830d2b5f6b7f8d869c39a76a241f88f76d37341fdfbf56f000fc6acba19aeb36a7efb94721494b41b65bf4978651

    • SSDEEP

      384:Gqk53/hW3fZ+zWQC7Bm0GftpBj6dlwaQHRN7q5blgaGn7i:Gqk53MpViywLGbGu

    Score
    1/10
    behavioral21

    • Target

      System.Diagnostics.StackTrace.dll

    • Size

      23KB

    • MD5

      fa98a0f020248c2be1dd40c07092f22a

    • SHA1

      ef6b3ccff90beddab5ce6f60b4cc23f75edfd009

    • SHA256

      cae99f910874288afbf810968d13b79d755cd4b2006609ec036ea4934181cba5

    • SHA512

      554a25c761102dc41a9e421621e329868d1162ab29f47e59754c8fcfae0c12bbe8200e1b5975abf926f1de0977a5407c43202ac8a2801c69a7f01d95b6a1e959

    • SSDEEP

      384:TFCc4Y4OJWfOWqWWOWYDzDm0GftpBjnZaQHRN7IlDggA:RCcyCSVifLeLA

    Score
    1/10
    behavioral22

    • Target

      System.Diagnostics.TextWriterTraceListener.dll

    • Size

      20KB

    • MD5

      a964808487e671bb369dbc0e4dc5a947

    • SHA1

      c3848473e42e2f9b4d0a00180ea9ade654432587

    • SHA256

      63eab38ee9f4dcd686c8e6a4f01e1e2a9bb91e52b20ab4dde0c28061e9261860

    • SHA512

      7352368b68835ecc9c5943ae2f2bd5cab775a7fbb018af7683e74fad1731a9738ae14ebe0bccd854a223ab762fca7ec11411fdae865c5c6ddd034900fa55cfd0

    • SSDEEP

      384:EAWxMW3QvT1Dm0GftpBj1ROaQHRN7gIlBLY6fc8:Evxs1DVidOLgEYA

    Score
    1/10
    behavioral23

    • Target

      System.Diagnostics.Tools.dll

    • Size

      20KB

    • MD5

      27c7d752c11c3f43f28eb31968e73e2b

    • SHA1

      51e466218025126c5e524afd2086f4ab0bf3660a

    • SHA256

      260c6250ef9b57dca99b4cecc533f9a34857b5a32b5351202f776163841200aa

    • SHA512

      393d1747911a7f91f4c4f4f363a3782f24e00431478088da454823a223a4e75e51d9b010fc5d9746e2bf0185be90071b6cb70c777337d718b39151eef6b486aa

    • SSDEEP

      384:UUAlcWHaWlvT1Dm0GftpBjXGIRaQHRN7/lBLY6fIi:29N1DVihGIRL/Yni

    Score
    1/10
    behavioral24

    • Target

      System.Diagnostics.TraceSource.dll

    • Size

      21KB

    • MD5

      37be4cce0ed037f8d9a7a3940bd2a2e1

    • SHA1

      96314ec1a59e4bb53c5b609bf79ad4c998a7a988

    • SHA256

      c81a57d0634c462a6cf49844059e9b170f650ccdf0789519ffd4ae7d28e2718d

    • SHA512

      cedac24f414cce5053fdf10779dbd153fcebad69b3960f75a5ab1110da18799c79dc01b30269641022fcd874a331bc2dc7ce1a7d1a60dc90e109dd55b58665db

    • SSDEEP

      384:K8IZnWlNWM+109m0GftpBjBPaQHRN7401lTZVkAa:xUynViXPLrbZVs

    Score
    1/10
    behavioral25

    • Target

      System.Diagnostics.Tracing.dll

    • Size

      30KB

    • MD5

      60f59659db517c2f4dd4c5c583d43097

    • SHA1

      87ed79d195d8d93ae1155af08857f751a7eca245

    • SHA256

      b84b93be455cc7d14ec0c88ce08dafac7b6aac2e549c969e7126eb48c31f8b1c

    • SHA512

      90bcea3baa04146f08013a832633957c6d511d5eb52270575ef9a571153384b5a02c5026361b70940775907b5bc710b2c91627eeace432744f3b9e5e1ed509d6

    • SSDEEP

      384:GlQnCMi33333333kj8xe+5PTYM3zUy+CezHjzgKj0uRWOdWmWJdWo3szm0GftpBp:8Qq33333333kX+TBi8P8zViDdsLHH0D

    Score
    1/10
    behavioral26

    • Target

      System.Drawing.Primitives.dll

    • Size

      20KB

    • MD5

      29b0a1554e54611ebba7911049f26fd3

    • SHA1

      d707745e72d2f39374f2d28af52aaab7888b93ab

    • SHA256

      2805a18724a24034ad6acb315dac516e479cecc5f3753204052657e560932d5d

    • SHA512

      17558306a611bfac6982d5650335b05ea407191290b653c028896142ebee2abceb22f7d71926fbbcc3fab8227c61a5fda0e770abfca021ac7f891c9c7ee42e81

    • SSDEEP

      384:R28YFlXulWY/W1+109m0GftpBjIaQHRN7T/8ldBoQAYBS:R0qMViaLTwoJYBS

    Score
    1/10
    behavioral27

    • Target

      System.Dynamic.Runtime.dll

    • Size

      21KB

    • MD5

      c5cadb1409f25b6a1c7a6dd4c2df236b

    • SHA1

      a994c87352486d433a06943c01329dd721ab343f

    • SHA256

      f600acc811720183c639cebe5618baf9c8135b85b9cbdc0758bc9b2dcc6dd7a9

    • SHA512

      6bd6e482533b9ff8fff8823f84cde7191a0fd5575f76891a95e99cd1f5c1122ef92b436745ec9583089445fd5eac795181759080b1d83ccfa1eed31d9cce3af0

    • SSDEEP

      384:puMLcdQ5MW9MWf+109m0GftpBjMR5aQHRN7Ljl78oSwDnuB3:AOcSpxVi2Lhawi

    Score
    1/10
    behavioral28

    • Target

      System.Globalization.Calendars.dll

    • Size

      21KB

    • MD5

      ac2f4b435ddf0600d7a866f42f3b40d9

    • SHA1

      0564ff7f7e6084bd6d02d8e6a4127d1c878b3fa6

    • SHA256

      b56ffb65b842daae13f3020b0b04646db92f89801d2a2f89087d145a996d43f7

    • SHA512

      dc3e9c3b4d732801dcf43cfd6cdd2672f01e03cb99d804a3f4803fddb9ca9817bcfd2f96fd94b7b33db0994f5478ce200c048db5dbb78d3b24e950262ebf4d28

    • SSDEEP

      384:3Z7RqXWDRqlRqj0RqFWX5Twm0GftpBjGRqazmHaQHRN76RqIil3uVogC:J9qKqjqjuq0wViGqRLoqItV7C

    Score
    1/10
    behavioral29

    • Target

      System.Globalization.Extensions.dll

    • Size

      25KB

    • MD5

      c7c93de0627833900b8379fd181b7351

    • SHA1

      2cb98f9622f57a0a9e037a378519aa6a271302f6

    • SHA256

      c7e91bd148ed22ee1ff8ebd3e58b199a30af90aa37499bcf8da34409672f2ed9

    • SHA512

      1067bacc4495eacbc27937b54780b97da62fed1af66158e2fa492fc82b068d49bb49bc20c3c82c22d8edd300bd7b097e14aa1e317f1789744e188bca15d22b4d

    • SSDEEP

      384:MNBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9WQDzDm0GftpBjeXRsTUbaQHR/:MvMhF2SzNzwu/Nlju/ViCLLsBy

    Score
    1/10
    behavioral30

    • Target

      System.Globalization.dll

    • Size

      20KB

    • MD5

      ae023bb0beee5189a07c7fd4e0cf3fca

    • SHA1

      846711d4161a3950facdef97037898a71f4efda1

    • SHA256

      56bd0c02c734abf4d7fd1ef2e8b6a9e4bf5e4bab4e606cd1023d63b02852fa61

    • SHA512

      62305027ae8bb5b830630fe54f2cf9e607f9b97ffe28912c2cb15d429252668f17eaf2d7ceecf5601c889d5ea52e0b9100f115173bb11b5d6208171792833c85

    • SSDEEP

      384:gZ4RLWdRfRJ0RZWw+109m0GftpBjPWR+HaQHRN71RNl78oSwDnud:gZK0pJujViFc6LzrawS

    Score
    1/10
    behavioral31

    • Target

      System.IO.Compression.ZipFile.dll

    • Size

      20KB

    • MD5

      bb1a520f25bb93ace4dd0a060fba677d

    • SHA1

      92bf07ccf32eb9fdf06f446a256e0271c4028bf0

    • SHA256

      7720ee13405ea8a3c204703a181e67dc6d66835e9df263c09d04d8b48b41eb26

    • SHA512

      9288148ec879ebeafd53c225854ee3bd3768ba5c7b829d6af1251d20ac301fc27a04bebb603fe2cde6949bc5968fde717e8b747337c1ad872450d26f7c36f515

    • SSDEEP

      384:OYWsmWs+109m0GftpBjncaQHRN7QlgaGn7G7:O28ViGLMGG

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Privilege Escalation

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Defense Evasion

System Binary Proxy Execution

1
T1218

Msiexec

1
T1218.007

Credential Access

Discovery

System Information Discovery

3
T1082

System Location Discovery

3
T1614

System Language Discovery

3
T1614.001

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

ploutus
Score
10/10

behavioral1

ploutusatmbackdoordiscovery
Score
10/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

discoverypersistenceprivilege_escalation
Score
6/10

behavioral5

discovery
Score
3/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10