latam_generic_downloader | 2dd1baf72316b8c0f6935f9e80366a35c1566432c142769482c517a0a236a80a | Triage

Sharing

General

Target

16- 157903.msi
Size

264KB
Sample

211116-yqdveafcg3
MD5

0d259b6b894a65c264395235a3722ab7
SHA1

17495dc4068697be14ea945960f967f704a92597
SHA256

2dd1baf72316b8c0f6935f9e80366a35c1566432c142769482c517a0a236a80a
SHA512

a878b15022e706c31ab2e445b84413512025cd0306146adfa4ce4edabdcc0a29ad822e3d5e2049da63f5a2f3767a0a18c08db7435f82d8eb7a98cb4a6ebd6c6b

Score

10^/10

latam_generic_downloader

Malware Config

Extracted

Family

latam_generic_downloader

C2

http://45.77.75.21/sdump.clie

Targets

- Target
  
  16- 157903.msi
- Size
  
  264KB
- MD5
  
  0d259b6b894a65c264395235a3722ab7
- SHA1
  
  17495dc4068697be14ea945960f967f704a92597
- SHA256
  
  2dd1baf72316b8c0f6935f9e80366a35c1566432c142769482c517a0a236a80a
- SHA512
  
  a878b15022e706c31ab2e445b84413512025cd0306146adfa4ce4edabdcc0a29ad822e3d5e2049da63f5a2f3767a0a18c08db7435f82d8eb7a98cb4a6ebd6c6b
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

latam_generic_downloader

behavioral1

behavioral2