General
Target: pluto mapper (old).exe
Size: 3.5MB
Sample: 241005-zn2zwsxckd
MD5: 7294182f058ab0f2b33f9c3eedea3384
SHA1: 9c40e090ab7194fe532ae59242eec445f6611367
SHA256: ec3a258141b27d3cdb83949cbe03637b5da953406d4a2261a6c8b7640d8371a0
SHA512: f269698dfb08e738a54312cfacbeb318e0014647b66d6034c86baed134d15452f47f7bd687db03c02a35f0182c0a4965bbac1524d7d49228ade59df7f55b0f57
SSDEEP: 98304:U/r4by8mP5/92kxAINXHY/7jDNOTGh8meDGICOOv7krApL:orZP58kOIH2OS1YGICr7BL
Behavioral task: behavioral1
Sample: pluto mapper (old).exe
Resource: win11-20240802-en
Malware Config
Targets
Target: pluto mapper (old).exe
- Modifies WinLogon for persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Disables RegEdit via registry modification
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (4)
  Virtualization/Sandbox Evasion (1)