General

  • Target

    PlutoReaperV2.rar

  • Size

    17.2MB

  • Sample

    250305-y36e7ayk16

  • MD5

    6f601fe31134ee1aae5172f0a98fea2c

  • SHA1

    819019f56bb8556d35acb6eb8102cb25c7e43342

  • SHA256

    de672a44b62f7f4862b94d14c74956cf91346312f8227d6a5aa1b0d509fa07c1

  • SHA512

    b6454116a72f7d715f02d7a5d3804ac36f79133e1f0fedb2f464560ba2e4427157a23d9578119409035f55a35d9deadc944035005e9fe7fadb90f0825152e9a9

  • SSDEEP

    393216:jNiHh4xplqWQGVX21xqtACmDjNA887te0fhTswxMM27ZeIpybFA1:jgB4xpoWjXHcjNA8qVoGcZeIpSK

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    field-aye.gl.at.ply.gg:24443

  • Mutex

    MVUVp9tCaPyjpP9v

  • Attributes

    • Install_directory

      %AppData%

    • install_file

      Windows Defender.exe

  • aes.plain

Targets

    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS.exe

    • Size

      40KB

    • MD5

      db690c068636611bdd7ae65e625aa4e1

    • SHA1

      a85fa0cb046a2c730af238c4a16f5888a73bdd45

    • SHA256

      8977fe9fa37d6a5146c8e3a537805534827d2f37f331d506564b5b51105515ce

    • SHA512

      e3db52888f07a11a613e66e2b81801a91433ad2dc3182fb1e53801b1fb620d70946e49f746f4628cbc264a0314f56fde002ad5837aa18b5b4a7f3ca6780bdd89

    • SSDEEP

      768:HdiWDOym2lzHubc4wJc29JJ7FFP7965LO9hQPuKWx:H1DOc1JPrZFT965LO9KSx

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/Dox_Tool_V2.exe

    • Size

      180KB

    • MD5

      b0424efaadfbf9991e55b397076c8181

    • SHA1

      bcf68986d9f98bf5d76a7eba580eb09be05e6243

    • SHA256

      dfdb90a7d5e41b030bb8bae6f325688ff3d3b3b2da8c554c34e66dad86cebe90

    • SHA512

      54e4cb638c71dd987951619ffb2e1d4f98fab7d75af4c1d39fed30162aece639961863b3caf1ade34f840a02233cf9431d9eb30e76d5a470383392c2fad0bfcd

    • SSDEEP

      3072:xUGBNLnlvzfNaITtRynmO/KT9C0tuXo+5yHOKlb1tKBMyoH9EJd:xUGeITtRkmO/KT9C0IXo+5yHDlXKqyoC

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/Newtonsoft.Json.dll

    • Size

      510KB

    • MD5

      c3c04754418382f505cafc18d64427f5

    • SHA1

      cac5e36dc498d6bb16170020be021ff5bd18a9e2

    • SHA256

      df8ec2e0245829ddec5b79f1918c3ae3a3fa540a5a0e3c410e2b6ef0bebc7927

    • SHA512

      bda5efd0f69a9c7198841e5d31744fa2bebb05cedb1e2846a0d2dbce6c3193da69c181be1116f38cd5f3d61b441567b1da2c844522184323e3d429294aa91ab5

    • SSDEEP

      6144:D5AGNDJNY1d2Skc39wf9IsDraDmh7JKH8Vjp4baBmBFSu4oNVg2OUvie:LNYNY9LaDKKGSBTV9

    Score
    1/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/adobe/login.html

    • Size

      39KB

    • MD5

      5594c4636795377b3256a2bb07672b83

    • SHA1

      b14c04856b68a5f95b9a3ff33c1954f38f4de898

    • SHA256

      2b70de126eeb8ba4706d828a13ac83ee42342a0f5b8c71c0e0cf0e1fc05a6f56

    • SHA512

      f7a9d019949b1b913aec8f6d146c1a87d3957264fe5bec70c82e5aa8d1c3b4777070f7c28ea43fad5223ed5a484820bb664143e25c2a51b164e7b71c384b0d58

    • SSDEEP

      768:g/Sd5plCRHNInmpHK1DYPqy96ryvINPmYy:g/SXpURHNInCK1DYP36ryvIZmd

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/badoo/login.html

    • Size

      211KB

    • MD5

      7e38a80c9b9f7f806b070b3e82652163

    • SHA1

      24fda725c2c48dd3973c6d55be84d219fc7c625b

    • SHA256

      df4d5eec529e8d3738403fcf6654431241a2614724a7de37f7a24a22495893ae

    • SHA512

      78cd39c18c621412356f96e06d2b1cffcf4783bbf45d8064547325096a6849566dca8e8ae1e2a1ce95d6dae5341a2fcb7d6120744e0a986470b943fa13ebae2c

    • SSDEEP

      1536:CqKS/fJKQCoTKODBjlIG+AfupcG08iRYVXf1q5RnpEnXdtxB7sHi/vCh6TVCYjS6:J3XuPiRcf2nunXdpsHi/qw9jaqPfw2R

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/cryptocurrency/login.html

    • Size

      7KB

    • MD5

      4274f4194a8806dbce4b2596684aa498

    • SHA1

      b7e6a10ea693829861493dfe162bb7c3c1639c8a

    • SHA256

      0c8190be1be671249b9a516114121c232d1b90b44a383316f5ae3dc7d002ffe2

    • SHA512

      6e1a6a21cb798c20ac9e1ee826b66468735f609808e41d43d71fde5903d4dcb2f0a555e10c26fc1fcf02f524438ec96bce81eb3e85e18787c438f2a01c1efc6f

    • SSDEEP

      96:mGe7ZNWrDrDFIbTIVxw1vw+Z1vcQJy/+OrQ/EYwvhGDIZ/+mQXOCnCZPCYC9Gi:Wx4cywMh7ZsX/CY9z

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/devianart/login.html

    • Size

      74KB

    • MD5

      2c4c4782edf762ef3d91ab073b9c2be7

    • SHA1

      85d6da97e9ac1bbbcd148376ad70ba12f97b81ba

    • SHA256

      db3440e5a15c5a13603422612155a555db2b8e60fef07f023900e3eae23e7219

    • SHA512

      c5993c55fd119fc37bc6d3a12c53c8b268c4828dc0f89451cb092e4f2cbc3e8ca78d5acb17f229c3f9baae52cd8c4d1184e315d31a544df218de81c5dd3a91a2

    • SSDEEP

      1536:8CgR5Pt5Rk4OfZEVYnQfbltvgwoaKPzfmrBXmLK8jhbTWwPY49h1g4ng4dSMoKNq:8Mwo9PLcXmrjhbTWgYs1oxRN

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/dropbox/login.html

    • Size

      67KB

    • MD5

      2ff95476dfb7e366d81924cb8c354a22

    • SHA1

      fe08dfc8b7f99c0ba5702ea7b346606e4078cc29

    • SHA256

      7e5bc50905ba754480a3915e127095659132905c9f674c51f8f8dde70990e903

    • SHA512

      13118bfad9ef3a7e14f3f61ca95e97f666d915d0e00434e29f640228f9638ee68d073343fd69e14082169d66b661fa59df58c29296210d733810e5dd6d5f4885

    • SSDEEP

      768:DulsKt6IebM4hKmbKTLm0+SPNGEyRbyiBchgZYYq1YrWmR4iOmeB/MISJvKlJjJT:rnIqM4hZHyicckiOmeBap9h6LyZPiJ

    Score
    6/10
    • Legitimate hosting services abused for malware hosting/C2

    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/facebook/login.html

    • Size

      398KB

    • MD5

      dae741701bcfb2cf53f8a7f84b469c17

    • SHA1

      af15ff21fc5b63ae5d2a7aaf37cea44fde111006

    • SHA256

      1db4924a7408e2f5b755185a81bc3f181141e6767144089d9ece8a226ef78658

    • SHA512

      985e18511085e06a0288b6b2dea54a064361b75884c70c2422549baa1e8be557d463ef5d28c1a3c6ec88069e90fdb45371fb54e33f2ea76e449e4f34c177d383

    • SSDEEP

      3072:0T7LB+wkce0gcYSLyCw9riAw1RTDMgrA8GfLcmLdC+BC:0t1kc1LyRWL11MgkYqBC

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/facebook/mobile.html

    • Size

      9KB

    • MD5

      781baa7878daf277f0faba6353ed541e

    • SHA1

      1aadcd6dcc52218b5652f7c91d9c4d741536307b

    • SHA256

      2117e2514f1666864ca757e53dd379dc88eaf92255613057fa5f0668aca68379

    • SHA512

      88c0efa80ebd0a9f91e5b245d6d55718a2f1bd27a645ed9a96b831f38e6eeb98c20a744c665342c4f47b40a8228cf41a33b0b2864d5c301345c1e4f8cbbcca49

    • SSDEEP

      192:S/GYrJb8WGtE5f6eE7w5a91mFsOYoTKqob:S/GYrJb8WGtEET8a

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/github/login.html

    • Size

      12KB

    • MD5

      4d969a8b2808c635de7e359e64e64b67

    • SHA1

      32d826f58a3b647f0ddf25b5cea4a8e13e737a58

    • SHA256

      28ecf3a981f4b2eb37b499401745bc5b06ec1c80b27c3d45981edefc53ac45d5

    • SHA512

      c648486c0657043e9bd1771f6ac1ee41e023c14e81f4e67da5e950adb749700121aca2bdedba962284434860a3899f2b21133ecaabeabaf96a3df96ddf67dd03

    • SSDEEP

      384:Arc/x+o/yXVYRYhHyQrmbPi3a5HymU1W/7b:Aop14uq5bsHxU4X

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/gitlab/login.html

    • Size

      15KB

    • MD5

      d4361c78d24ad72037c7fc2225cc9b88

    • SHA1

      a5d45420950ced134f61662617233ccbc550fdbf

    • SHA256

      42de35756444731a161a5399eeeb524c1f7c6e15d031c91708a6d451c4afadb7

    • SHA512

      df4d6e2470409258dabff992c2c7d827f364d07a6b765a92ba39cb18a2e60a7bb45c0d315d05f847f9acb65ddbe629908a91204a8c13c95d0100fadfcba5a210

    • SSDEEP

      384:jwK8qIgs/s0CdwDhcpN9UtUgqeibVqD8v5:18qIgsLUvXh

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/google/login.html

    • Size

      80KB

    • MD5

      3ef789263e6a75cdc13166386ecebbb3

    • SHA1

      24dc10d9381d31f83a807cd9a37547c50285e99e

    • SHA256

      5e368070a41124048a88accb87b8576e5f32676d6cc6057748e2ba6e5774ed81

    • SHA512

      ceb6ab6021f107ccd0d93bc67589f8ee0604130022fc2d87391f1487797745e28eb777cef03bbe8d2a42cbd320883420e524320ebbd4d225eab5fbf6badeb1f7

    • SSDEEP

      1536:MmMAXA6ILKIHkVBV7p1jLnt28lM3onCFzB/OGYdOf+Z+lkQC6Ujkm:1XA6Oj8qYY2GYoRUjkm

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login.html

    • Size

      9KB

    • MD5

      85d9b45e1ee92f2fcb04f6573488e703

    • SHA1

      a650a2a2be2c7ca90018c230cf87d5791398e75b

    • SHA256

      433f55b5590629be5c2195a61b2287ae6a82d0905b2bfc6ea6b15745a69876a8

    • SHA512

      94ded12053c35731373e2f8568c124ebcad7514691cb411cc87b5e8c1e0024fe8e3760c50730297b242230a9ccace0264ee9ec7a705693be265138aa5ce7bed2

    • SSDEEP

      96:jzi/3N+/pnnG2/wM1R84yULnaUyo1cl1v8lsNZQfehiUOdRgDkaaTlM4XgLAA:/i/3KFGGb8RUervnQfeYDdBdXgcA

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/analytics.js

    • Size

      34KB

    • MD5

      64615acd5da6e5acbd0a54b34174aefe

    • SHA1

      8db13cf86fa09d44b60d8e3e480da1646631b00e

    • SHA256

      3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3

    • SHA512

      e77057008fc0a3b8380e9f8daf79bb521daa5ea545e9ddb01de8fd38f70e30c224fd8018c349ec8f32aa9cec7470f204378a70db59ef3eb09807016e84431146

    • SSDEEP

      768:/WHs6JqTUgS9iVUcSgogRe+dV1UKlcLC+Wz1PgvfT6GWs1Zy:OHlq/SHgjRew1UKlQFfeGWsi

    Score
    3/10
    • Target

      PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/bootstrap.js

    • Size

      36KB

    • MD5

      9ff12f8df35065e7221c5da316c773ee

    • SHA1

      ea5e64b9fa979880306f24e0d0695303e1c2648b

    • SHA256

      3c4ac435c16ba54e851a53ed658734c69795551abe2015513e3219638763cca4

    • SHA512

      7201adfc0fd6eb267c4efe96860dcb36c7959f643b6f1db7e1bf3bfb93654c985695cfa1461b90ec790b146bc5f357ff66336a53201175031edbc1ab934db76f

    • SSDEEP

      768:piQwiPImSq6I0PZXN8SX2mVhyjSfsGnjoOiA6zl:i0N9G7iA65

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

phishing xworm blankgrabber
Score
10/10

behavioral1

xworm rat trojan
Score
10/10

behavioral2

xworm rat trojan
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
6/10

behavioral16

discovery
Score
6/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10