General

  • Target

    Plutonium Injector.triage.zip

  • Size

    3.1MB

  • Sample

    240920-wb2ltazajr

  • MD5

    a8e2af98223b7d80f782f235f8a5861b

  • SHA1

    2b410f50a4953ce7337d0c3e38ac4b72338474a0

  • SHA256

    21f1b782e6ba464d64a93991e13b1eab12a6af91648bb4c1f7e868567b8ef51e

  • SHA512

    a0860969a228c8c7ebd6ab31f38f76e8f4278d5d31354e424ff881447f986b4759df24a781646182f58d83ad7010a71361fecb59eefdcabcbe1b4fff83b173a5

  • SSDEEP

    98304:EokcAJzCGtH5Zj3Os8fkOa+y3pMvZScuFz9Qio:HW+GtZZjJ8MOaKxS/B9w

Score
10/10

Malware Config

Targets

    • Target

      Plutonium Injector.exe

    • Size

      3.3MB

    • MD5

      a21cd842b125cd16bc25d4e46c533325

    • SHA1

      ff91b7198acf92707fa67603c55e9b7a793a9070

    • SHA256

      bceb38f4ccc6287ccfba62dc5cf3c533b47bef3ad0b1c94f3e7f1c34a1863f52

    • SHA512

      c2d992b1f9afc97af4981bb08d09230539b0e7afb03c2d6c6c6747c372bdda17167aa435eda82cfc0463fe2bf367b9ea38d25318b75cc88fc02b7603212694e8

    • SSDEEP

      98304:neKtZrCstp5njD6emJECa6y3LSjZO8Ajl1asK:eKnmstDnjFm2Cay1Ot51+

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks