blankgrabber | de672a44b62f7f4862b94d14c74956cf91346312f8227d6a5aa1b0d509fa07c1

Sharing

Copy URL

Twitter E-mail

General

Target

PlutoReaperV2.rar
Size

17.2MB
Sample

250305-yyw1ysxwaz
MD5

6f601fe31134ee1aae5172f0a98fea2c
SHA1

819019f56bb8556d35acb6eb8102cb25c7e43342
SHA256

de672a44b62f7f4862b94d14c74956cf91346312f8227d6a5aa1b0d509fa07c1
SHA512

b6454116a72f7d715f02d7a5d3804ac36f79133e1f0fedb2f464560ba2e4427157a23d9578119409035f55a35d9deadc944035005e9fe7fadb90f0825152e9a9
SSDEEP

393216:jNiHh4xplqWQGVX21xqtACmDjNA887te0fhTswxMM27ZeIpybFA1:jgB4xpoWjXHcjNA8qVoGcZeIpSK

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

field-aye.gl.at.ply.gg:24443

Mutex

MVUVp9tCaPyjpP9v

Attributes

Install_directory
%AppData%
install_file
Windows Defender.exe

aes.plain

Targets

- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/cryptocurrency/login.html
- Size
  
  7KB
- MD5
  
  4274f4194a8806dbce4b2596684aa498
- SHA1
  
  b7e6a10ea693829861493dfe162bb7c3c1639c8a
- SHA256
  
  0c8190be1be671249b9a516114121c232d1b90b44a383316f5ae3dc7d002ffe2
- SHA512
  
  6e1a6a21cb798c20ac9e1ee826b66468735f609808e41d43d71fde5903d4dcb2f0a555e10c26fc1fcf02f524438ec96bce81eb3e85e18787c438f2a01c1efc6f
- SSDEEP
  
  96:mGe7ZNWrDrDFIbTIVxw1vw+Z1vcQJy/+OrQ/EYwvhGDIZ/+mQXOCnCZPCYC9Gi:Wx4cywMh7ZsX/CY9z
Score

3^/10

discovery
behavioral1
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/devianart/login.html
- Size
  
  74KB
- MD5
  
  2c4c4782edf762ef3d91ab073b9c2be7
- SHA1
  
  85d6da97e9ac1bbbcd148376ad70ba12f97b81ba
- SHA256
  
  db3440e5a15c5a13603422612155a555db2b8e60fef07f023900e3eae23e7219
- SHA512
  
  c5993c55fd119fc37bc6d3a12c53c8b268c4828dc0f89451cb092e4f2cbc3e8ca78d5acb17f229c3f9baae52cd8c4d1184e315d31a544df218de81c5dd3a91a2
- SSDEEP
  
  1536:8CgR5Pt5Rk4OfZEVYnQfbltvgwoaKPzfmrBXmLK8jhbTWwPY49h1g4ng4dSMoKNq:8Mwo9PLcXmrjhbTWgYs1oxRN
Score

3^/10

discovery
behavioral2
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/dropbox/login.html
- Size
  
  67KB
- MD5
  
  2ff95476dfb7e366d81924cb8c354a22
- SHA1
  
  fe08dfc8b7f99c0ba5702ea7b346606e4078cc29
- SHA256
  
  7e5bc50905ba754480a3915e127095659132905c9f674c51f8f8dde70990e903
- SHA512
  
  13118bfad9ef3a7e14f3f61ca95e97f666d915d0e00434e29f640228f9638ee68d073343fd69e14082169d66b661fa59df58c29296210d733810e5dd6d5f4885
- SSDEEP
  
  768:DulsKt6IebM4hKmbKTLm0+SPNGEyRbyiBchgZYYq1YrWmR4iOmeB/MISJvKlJjJT:rnIqM4hZHyicckiOmeBap9h6LyZPiJ
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral3
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/facebook/login.html
- Size
  
  398KB
- MD5
  
  dae741701bcfb2cf53f8a7f84b469c17
- SHA1
  
  af15ff21fc5b63ae5d2a7aaf37cea44fde111006
- SHA256
  
  1db4924a7408e2f5b755185a81bc3f181141e6767144089d9ece8a226ef78658
- SHA512
  
  985e18511085e06a0288b6b2dea54a064361b75884c70c2422549baa1e8be557d463ef5d28c1a3c6ec88069e90fdb45371fb54e33f2ea76e449e4f34c177d383
- SSDEEP
  
  3072:0T7LB+wkce0gcYSLyCw9riAw1RTDMgrA8GfLcmLdC+BC:0t1kc1LyRWL11MgkYqBC
Score

3^/10

discovery
behavioral4
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/facebook/mobile.html
- Size
  
  9KB
- MD5
  
  781baa7878daf277f0faba6353ed541e
- SHA1
  
  1aadcd6dcc52218b5652f7c91d9c4d741536307b
- SHA256
  
  2117e2514f1666864ca757e53dd379dc88eaf92255613057fa5f0668aca68379
- SHA512
  
  88c0efa80ebd0a9f91e5b245d6d55718a2f1bd27a645ed9a96b831f38e6eeb98c20a744c665342c4f47b40a8228cf41a33b0b2864d5c301345c1e4f8cbbcca49
- SSDEEP
  
  192:S/GYrJb8WGtE5f6eE7w5a91mFsOYoTKqob:S/GYrJb8WGtEET8a
Score

1^/10
behavioral5
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/github/login.html
- Size
  
  12KB
- MD5
  
  4d969a8b2808c635de7e359e64e64b67
- SHA1
  
  32d826f58a3b647f0ddf25b5cea4a8e13e737a58
- SHA256
  
  28ecf3a981f4b2eb37b499401745bc5b06ec1c80b27c3d45981edefc53ac45d5
- SHA512
  
  c648486c0657043e9bd1771f6ac1ee41e023c14e81f4e67da5e950adb749700121aca2bdedba962284434860a3899f2b21133ecaabeabaf96a3df96ddf67dd03
- SSDEEP
  
  384:Arc/x+o/yXVYRYhHyQrmbPi3a5HymU1W/7b:Aop14uq5bsHxU4X
Score

3^/10

discovery
behavioral6
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/google/login.html
- Size
  
  80KB
- MD5
  
  3ef789263e6a75cdc13166386ecebbb3
- SHA1
  
  24dc10d9381d31f83a807cd9a37547c50285e99e
- SHA256
  
  5e368070a41124048a88accb87b8576e5f32676d6cc6057748e2ba6e5774ed81
- SHA512
  
  ceb6ab6021f107ccd0d93bc67589f8ee0604130022fc2d87391f1487797745e28eb777cef03bbe8d2a42cbd320883420e524320ebbd4d225eab5fbf6badeb1f7
- SSDEEP
  
  1536:MmMAXA6ILKIHkVBV7p1jLnt28lM3onCFzB/OGYdOf+Z+lkQC6Ujkm:1XA6Oj8qYY2GYoRUjkm
Score

3^/10

discovery
behavioral7
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login.html
- Size
  
  9KB
- MD5
  
  85d9b45e1ee92f2fcb04f6573488e703
- SHA1
  
  a650a2a2be2c7ca90018c230cf87d5791398e75b
- SHA256
  
  433f55b5590629be5c2195a61b2287ae6a82d0905b2bfc6ea6b15745a69876a8
- SHA512
  
  94ded12053c35731373e2f8568c124ebcad7514691cb411cc87b5e8c1e0024fe8e3760c50730297b242230a9ccace0264ee9ec7a705693be265138aa5ce7bed2
- SSDEEP
  
  96:jzi/3N+/pnnG2/wM1R84yULnaUyo1cl1v8lsNZQfehiUOdRgDkaaTlM4XgLAA:/i/3KFGGb8RUervnQfeYDdBdXgcA
Score

3^/10

discovery
behavioral8
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/analytics.js
- Size
  
  34KB
- MD5
  
  64615acd5da6e5acbd0a54b34174aefe
- SHA1
  
  8db13cf86fa09d44b60d8e3e480da1646631b00e
- SHA256
  
  3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
- SHA512
  
  e77057008fc0a3b8380e9f8daf79bb521daa5ea545e9ddb01de8fd38f70e30c224fd8018c349ec8f32aa9cec7470f204378a70db59ef3eb09807016e84431146
- SSDEEP
  
  768:/WHs6JqTUgS9iVUcSgogRe+dV1UKlcLC+Wz1PgvfT6GWs1Zy:OHlq/SHgjRew1UKlQFfeGWsi
Score

3^/10

execution
behavioral9
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/bootstrap.js
- Size
  
  36KB
- MD5
  
  9ff12f8df35065e7221c5da316c773ee
- SHA1
  
  ea5e64b9fa979880306f24e0d0695303e1c2648b
- SHA256
  
  3c4ac435c16ba54e851a53ed658734c69795551abe2015513e3219638763cca4
- SHA512
  
  7201adfc0fd6eb267c4efe96860dcb36c7959f643b6f1db7e1bf3bfb93654c985695cfa1461b90ec790b146bc5f357ff66336a53201175031edbc1ab934db76f
- SSDEEP
  
  768:piQwiPImSq6I0PZXN8SX2mVhyjSfsGnjoOiA6zl:i0N9G7iA65
Score

3^/10

execution
behavioral10
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery.js
- Size
  
  2KB
- MD5
  
  d012fbbcb76e4ceec0352b9fe473e4fd
- SHA1
  
  5d4911bc2ffee1bbf7a2bfda3dc68d082210aa78
- SHA256
  
  2e8504f05b5908a7ca54a7f94be9a4ac3efa338fefa1614708e8defeb668174c
- SHA512
  
  088de45258f6082e1651cc90368788087b26b7b8d9195cb165b3896fa539e35a99584c8381017ddb242e24785775975ef74019c2918fdb7d68f7b22c305eaf72
Score

3^/10

execution
behavioral11
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery_002.js
- Size
  
  84KB
- MD5
  
  493592e649eacf132e363aeaf1dad71d
- SHA1
  
  184374955dffdddb8f0da6c7b37e71996be016a2
- SHA256
  
  35426acd5d1017ffd0d43b95037e67e32a3dbc37f9d2977d29590ef066a40fea
- SHA512
  
  3f1c56f7b3806d70ae45fc9885b0a0a3595bc0acef52950a1e869a98c9d97b6d3966a76287284ea0e36a6b50582733ca4e5380112a2baa2302d2e48eab041b5f
- SSDEEP
  
  1536:M2EKyjDjdCiCZZoOOhqJL+4tr7ZxdnuId3fcJ/BDgLgNE4nC8BGm6cI7dAcXJxtF:kXlhqm9tN1nGm9gAc7t5ki
Score

3^/10

execution
behavioral12
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery_003.js
- Size
  
  2KB
- MD5
  
  45103ba8183745c921070d9cdccc0f6c
- SHA1
  
  65e1bad3c9001c11e0251ad621da8681afcef10a
- SHA256
  
  a78070acdbcd1310a1d80834fe25fc51174a005c4a89405b2b043b60f1a54c52
- SHA512
  
  57f74b95bee8d8203baf528f710c920733ff0f33c0b58198c3367494c32925b4d84f35a5dfe933366eb94b124a0eed9cc5b3fd90a089705ec6999199638a4d28
Score

3^/10

execution
behavioral13
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery_004.js
- Size
  
  84KB
- MD5
  
  e071abda8fe61194711cfc2ab99fe104
- SHA1
  
  f647a6d37dc4ca055ced3cf64bbc1f490070acba
- SHA256
  
  85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
- SHA512
  
  53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65
- SSDEEP
  
  1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
Score

3^/10

execution
behavioral14
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery_005.js
- Size
  
  1KB
- MD5
  
  5a21f990be25aba8635ba0584aa0c80c
- SHA1
  
  fae30cfb15aae42364cf7d2101f9ca027f7a0d7b
- SHA256
  
  be2a1ed5e89385f6854cc07c64d33f00b2234d4b17f614f2cc06cb2e984ea82f
- SHA512
  
  63010b262e87ca005660c4b64222950ae49a50bf4e3ee04988cc747a1bb9febe5dcd5e30029fdbd09df890655c42e3e99096b2c01f4c3b8a7728e751282fd256
Score

3^/10

execution
behavioral15
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery_006.js
- Size
  
  3KB
- MD5
  
  637496a7897c7454a1dba53f8e351310
- SHA1
  
  9d5c6d1a578ab7b0e7eaaa11c73893a88861c2b0
- SHA256
  
  8fb0e57f26ae2575b406086113321e4bee1d66e9a00c6f71e3f670bc0562998e
- SHA512
  
  5ee0e1dbb99bf0b044dfd8c123a5f1a9f87512f3d53cae3a50e37ce94c26133aa31f1dea8143de6a13c7b96fae9fbccc6474eb460e1214a01caa1072bc884279
Score

3^/10

execution
behavioral16
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/js.js
- Size
  
  69KB
- MD5
  
  c677eba3d4798fb59a1581405a4a1a17
- SHA1
  
  bf00724bcdc49ce34f73da321a84d9768d1a774c
- SHA256
  
  e8c0d1054ecbad1ec6e9cc8d556d8c8e2735f9c26ad5e19e4c8c4a1a044580fd
- SHA512
  
  80fbd5a5c05d8d674a36375da26166ef42d33cc958259036a33b881f7ca6270508bd165c7e60760e56778c80398589feb049f54cd70e9fe42587a2c95473712b
- SSDEEP
  
  1536:B/71brZ09a1emCTF3mAXiQa+4y1k9ScU0tUqXT95:B/7mag3h3mAXD4GA
Score

3^/10

execution
behavioral17
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/otherscript.js
- Size
  
  6KB
- MD5
  
  84b720131047802a079f6093f89f818e
- SHA1
  
  e70d1d0c4b872e455af7d20bb6d4366317a6338d
- SHA256
  
  21a3c03ce64eec4fb9204581216e2f6add5a9bac392995fc685d3af415abc5ec
- SHA512
  
  fdb246b158c1be96e620617424b1244b07e3ef3480e968fa9f8ebcde35eea5c1ccb31b91c42ca7a27d7a16490729f9bccea4a0edcc9b672ba4a6534f8562b066
- SSDEEP
  
  96:Jb+X8mKRJnV+7B1nVVunVK4si8ncB1FpRIwKUJQtPU74IE:JKX4ZV+ddVYVK4si8ne1//KSwPU74j
Score

3^/10

execution
behavioral18
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/scripts.js
- Size
  
  6KB
- MD5
  
  762051c96ac56e636fec16ed2b993c39
- SHA1
  
  e90e3e3a8a275446007404065124e2bf3c5c8177
- SHA256
  
  481d3573e0d44ca93371539973a317eaaf61adbb3a06b11b1b71d944122fd9f8
- SHA512
  
  cd725cc8622cae5b831b64529921a78cf2f6ccb29cb2de69ca35e36592629fa4ca61a951fb0a3672e79acb22faff6198664b8878f283a3c777dbd40541329c84
- SSDEEP
  
  96:Tu8HmvvetIbOptaIcQmJmEx6Hb51CyCvyIKiyLvXyVzAJeSra30JykGv:i8Gvmq66IcTwEE51CyCvypi9+eaakJYv
Score

3^/10

execution
behavioral19
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/smoothscroll.js
- Size
  
  4KB
- MD5
  
  6f07fa3856c0062d0bc4023909512d21
- SHA1
  
  e704219ed565f2575e0ee914dae5809bbaed45c1
- SHA256
  
  a56d78f3ee3fa34a95c3dd9637ffad6a781d70551c105389df515dd4d01772bd
- SHA512
  
  383c01548a4d61f43a93618142d9be78cf3c53f06ee4182b50e8b4cffd4ff732c25b921f5155e6013b8ae327dc2fab6c039d149d7b48ae708624cb5b9f2ca020
- SSDEEP
  
  96:TEwvqiXkLbnhpj52FOO0/Gg1XAqScUSt05/gR/AESNBeIQemQd29C:VvqzLbnhpj5WYbrUSt05/gR/Agden28
Score

3^/10

execution
behavioral20
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instagram/index_files/f9e5c0ca0804.js.download
- Size
  
  529KB
- MD5
  
  5444b5168ab99762807c4d894440ff67
- SHA1
  
  11916472efe7ea99c76cdd341316793386ea1d6f
- SHA256
  
  abe26e3273ad85e1070eb72f601a26dc00c964ad53fe2c8164b880f2056353b6
- SHA512
  
  b8bf29d3a9361221f0491861235859f1dab7e721127e059391e6eccc055a31782719064aa2194d24d5e96cf5c403cea24737a3099e766ccd678984a2a6b6a7ca
- SSDEEP
  
  6144:/ChdpwtCy/BSzniRlYPnRHHtIiZCAVdiprIuJmf5r4iX/wknypCOo6EQ36ei9+:6KRsZCAVQlJmf5r4iPwknypVEQxS+
Score

3^/10

execution
behavioral21
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instagram/index_files/lY4eZXm_YWu.html
- Size
  
  42KB
- MD5
  
  47ff65d1e748b01d625ae22c277108bc
- SHA1
  
  0497a6eedfabce0df759d7335e2c48d600d60263
- SHA256
  
  ea9f43e2033b48a34baceab019007a5119b4149ce9f661349eaceec903f11bfd
- SHA512
  
  f8fc0e83c627edf74634280b582b94639029473a355de339f15e12d782acfb284060a4f7521a365f79293a951ce8c1c46eebe58439f2742207cc07ef8caad15a
- SSDEEP
  
  768:Hk3Gq2k0Au41l4jT070KA3MUy+ZhTmHKFN:Hhq2IoKAEgTmHKFN
Score

3^/10

discovery
behavioral22
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instagram/index_files/sdk.js.download
- Size
  
  209KB
- MD5
  
  b8b2206fe50d0254816086113cf6df11
- SHA1
  
  a565df8e1c4f0dad69635c4858736f6fdc9552f2
- SHA256
  
  d385fa843e7ee41a3a0a65a0847c9382ba2de5ba6c2080cab595e21c4b87ab4f
- SHA512
  
  58e71810c1378bdc798d225acd4a154e6100021cf03dfa9fee72891d11f4e181b3b8b217503ffb119be39a4ad91435efef187fd70e67bc47755fe5f291bb61e8
- SSDEEP
  
  3072:41ThP1iEPZTLmUbF42wvxd/+0WosIkPNCthq8sexI:6h9iEPF7F42wX+0WouCnq8sexI
Score

3^/10

execution
behavioral23
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instagram/login.html
- Size
  
  134KB
- MD5
  
  98cd3da84530a5bb8161964f350f6ae8
- SHA1
  
  2e7f521beac6de7abd8fa1219ceefb94280d3b32
- SHA256
  
  569a26536c55d7fde9171f875ba8fe76e9d80c331fd33b9c934df230004c66e3
- SHA512
  
  4d5e9ab8fcc257fb6993994285101f197f4f211bb294ed55af2a2e69ecc46b27ed90d8b152c2d1d85a98fa22f597d383b2055e4485648f7aca9d1f32b1742784
- SSDEEP
  
  1536:wCsH26lvQC7EKwb6CwLB2GKiuDUE8RqOzR6eNiYKIDnxUQCoTKODBjlIG+Ajs9IG:wCcCCNcGKiVNiODnx937sm3vLScZK
Score

1^/10
behavioral24
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/linkedin/login.html
- Size
  
  43KB
- MD5
  
  d229935db6ac40e26f9cd0363ec68607
- SHA1
  
  0dd64e9662932dd5e62202b948693b4aa7a4a30c
- SHA256
  
  ea9ff92d82654c353aa8f241dadfd68e698907f37d7415bc6bd0cebde4f201ad
- SHA512
  
  7b50e48fb3cf145fa39f294fd9c7f75e027a404b48dc8e0becb88fdb3944c3263ce561dee8224a215a05a367ec6a4c1e80346b26a091895c5d8e2f07a8eee34c
- SSDEEP
  
  768:aZRjo5C5Ele2s9pcuEre/m4+jspyChNiZY+HPZ5alQg9+dddl41uOn5DGXU4G2:aZRjo5C5Ele2s9pcuZO1jspyCfia+HPb
Score

3^/10

discovery
behavioral25
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/messenger/login.html
- Size
  
  634KB
- MD5
  
  d03f449ddafd99f4096392f0e13269bb
- SHA1
  
  dc80afc9b309f6aa4f6520eecc9696e5fee68b9e
- SHA256
  
  5709c7aa3267c15e198d9bc8d3512d9eced777f5896a1e01d9748fe43d026163
- SHA512
  
  6e5eae35e892994c666308c2609bec8945ae1f00b2df1fa75a2f78a1aad13ca9cae25f4bc1e5ed50da1a6f05b68d80fdf03aa536fc5ed3e9a8f16265af2ee6d2
- SSDEEP
  
  6144:dGwlGOHlhelwA/HRo/lfEsZBdMlyJxZSdxRQhVJ:dGwzrelwA/KRVBd7Z
Score

3^/10

discovery
behavioral26
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/microsoft/index_files/ConvergedLoginPaginatedStrings.EN.js
- Size
  
  16KB
- MD5
  
  f606a268585e8e1d246940b2945bdf12
- SHA1
  
  3bbe9045e060ee4df7c13a0f0155e968442e8896
- SHA256
  
  9ed7ca26da41a6314db0efd4c26badf3346991b6b7cdf9eec315fa6730ee688a
- SHA512
  
  4b066ba4d9546a040c42f92d7d0e74202b142275086054f74dd94067c6e8cf292138a9b329f3be2fc95a60613fd1cb4a45f3a2f5ba1289974ceb3debd7228ee7
- SSDEEP
  
  384:KtfPh8wOhbOsIFvdIkAPy+Ke/PngxPLQdrGi0Q:aJ8HOsIFqkAPy+d/PngxPLQg4
Score

3^/10

execution
behavioral27
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/microsoft/index_files/ConvergedLoginPaginatedStrings.js
- Size
  
  16KB
- MD5
  
  bed8f14ce89a54043c5db2112c3377a4
- SHA1
  
  f123028d8f62a78c80f70711636dbcaa7670cc5d
- SHA256
  
  968b0918d74c4108d1695cb6d4075cb5bdadad0fd97ff5e9f9540fc6292f191e
- SHA512
  
  a75948cc4c6206cc220e3f95164267766c32ad240e95fd97de35dd2d307b0251575cfcf949614fafdd5757af98715fe9e600618ef33e1f6e7f036e1f08682c48
- SSDEEP
  
  384:KNrcVPh8wzhbOsIFvdIkdjy+Ke/PngxPLQ78Gi0Q:dVJ84OsIFqkdjy+d/PngxPLQj4
Score

3^/10

execution
behavioral28
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/microsoft/index_files/ConvergedLogin_PCore.js
- Size
  
  418KB
- MD5
  
  d7b6d0b51160229925f2c18dfdd6fea2
- SHA1
  
  0fe9e8dd0dbe31b682a1c851a344860f175b5919
- SHA256
  
  db255a3725ebe9511b9f4bc95d906b8ea2d1bc8d37ed799efa8cadb5ca6b6206
- SHA512
  
  c05afe7be49c45b498101067fe0d4ce4e79dd90be98d1e00fc27d0ffff64a8b4abe5a6c17703622596640304f0591b412c6e6f7ab3c58ac44104dbfb8db99de7
- SSDEEP
  
  6144:Qt4bHRrimfW57yajvkyQ1a2GUiRKLi5WkY+K:Q6Rrijyay
Score

3^/10

execution
behavioral29
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/microsoft/index_files/prefetch.html
- Size
  
  3KB
- MD5
  
  d582503354aeb7527da0e2c23cf6a87b
- SHA1
  
  218f73a8a88c7719a493bc8bcd97d2260f4b7612
- SHA256
  
  0f2176dcd91136cd67d92842d2d3db73bf8380e4eaeaae74c5709f18983297be
- SHA512
  
  144926531d77e298b2a75bfd914430f98ef18293fc2847fb26ba9f1111bf6c8b7680ed16febe088dcb64bae0fdf148e273920aa70a2bc21b140580f2411db5bd
Score

3^/10

discovery
behavioral30
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/microsoft/index_files/prefetch_data/boot.js
- Size
  
  642KB
- MD5
  
  eb24fff6142ca0bb422a93719278815b
- SHA1
  
  88227aa6d22e3cd6c8491c6c78b2aa9b3229ef36
- SHA256
  
  e230cf01ca2fd3a19eb9f43f6dc35fd2a92fc2dccc96d8b92891fe8eb5bd80db
- SHA512
  
  d435f873977565f610f566b24d4553a1d471a6a5d948e8ae20c50e4db7773c3851bf5e99f91c14c428a0de18ff7e1897331cf1ef044b674b4fe1d3b16384952c
- SSDEEP
  
  12288:MHLherEFR8YKDBbio4qQZEhmrcFLG4ZNkPi:MHLhtwT/4qhUcFdKi
Score

3^/10

execution
behavioral31
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/microsoft/index_files/prefetch_data/boot_002.js
- Size
  
  642KB
- MD5
  
  18a7badcaf56d1f1a18ed8f4e8cdc99e
- SHA1
  
  f76574c0c51b9de1325849a0198280b7d75b4718
- SHA256
  
  5746b5b2319fb40cc9613656f0c809520039efbf58b6eff58956c55e884fd231
- SHA512
  
  054e8b72b2055017cf8d5150981bc6cc3414ed7fa245245a63ddbd58413136b7f950c95ef2e2b2776f09270e2444ef4eb0d9b0e8d7e82924ee021d1c1b8b6637
- SSDEEP
  
  6144:q500gYKHe7+5JoaRXSFAmrVO3fleBnAfKXXlGmluB1KA+LNdhiyndid7pbZbUZ:o0IK+mnXSFPzAfU1GmkB/sdhiyMdTUZ
Score

3^/10

execution
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32