Analyzing the nasty .NET protection of the Ploutus.D malware.
Common Information
Type Value
UUID da73e94d-daf8-4ed0-8560-fcf8adf8e8a1
Fingerprint a8300996a8f74f88
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 26, 2018, 11:28 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Secure coding and more
Title Analyzing the nasty .NET protection of the Ploutus.D malware.
Detected Hints/Tags/Attributes 41/1/28
Attributes
Type #Events CTI Value
Domain 4128 github.com
Domain 1 usbtest.ddns.net
Domain 80 goo.gl
Domain 1 www.eziriz.com
Domain 7 www.phrack.org
Domain 47 www.slideshare.net
File 6 clrjit.dll
File 1 obfuscatedfile.cs
File 1 dotnet_reactor.htm
File 1 yara.pdf
File 1 dotnet_instrumentation.html
Github username 1 enkomio
Github username 4 0xd4d
Github username 7 dotnet
md5 1 ae3adcc482edc3e0579e152038c3844e
Url 1 https://github.com/enkomio/conferences/tree/master/hackinbo2018
Url 1 https://goo.gl/6wy14v
Url 1 https://github.com/0xd4d/dnspy
Url 1 https://goo.gl/owztc1
Url 1 https://goo.gl/okgj1k
Url 1 https://goo.gl/mvdhuu
Url 1 https://goo.gl/d6n797
Url 1 http://www.eziriz.com/dotnet_reactor.htm
Url 1 https://goo.gl/rxew1g
Url 1 https://github.com/enkomio/shed
Url 1 http://www.phrack.org/papers/dotnet_instrumentation.html
Url 1 https://www.slideshare.net/s4tan/net-for-hackers
Url 1 https://github.com/dotnet/coreclr/blob/master/src/inc/corjit.h#l241