Overview

overview

8

Static

static

10

73f1227353...fa.msi

windows7_x64

8

73f1227353...fa.msi

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73f1227353bf94e9e829088b81cd25fa

  • Size

    263KB

  • Sample

    210930-ss3nnaaae9

  • MD5

    73f1227353bf94e9e829088b81cd25fa

  • SHA1

    3d7412f2aae4e578712a19fedd5994aab0afee52

  • SHA256

    36417eb2ecdbb537b9679f959a8ab356e954f1a1ae200a360f7fed963c8d04e2

  • SHA512

    604be82de36114922a62d1661a537a2a8023fb354ff41a682a843106f622a688063e78deffda52f0de1a76fc115ccab954fdf6a4250ff43aaa654e13c1b844b1

Score
10/10
latam_generic_downloaderpersistence

Malware Config

Extracted

Family

latam_generic_downloader

C2

https://fmwaretzb.s3.sa-east-1.amazonaws.com/smart.max

Targets

    • Target

      73f1227353bf94e9e829088b81cd25fa

    • Size

      263KB

    • MD5

      73f1227353bf94e9e829088b81cd25fa

    • SHA1

      3d7412f2aae4e578712a19fedd5994aab0afee52

    • SHA256

      36417eb2ecdbb537b9679f959a8ab356e954f1a1ae200a360f7fed963c8d04e2

    • SHA512

      604be82de36114922a62d1661a537a2a8023fb354ff41a682a843106f622a688063e78deffda52f0de1a76fc115ccab954fdf6a4250ff43aaa654e13c1b844b1

    Score
    8/10
    persistence

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks