Overview

overview

8

Static

static

10

16- 838594.msi

windows7_x64

8

16- 838594.msi

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16- 838594.msi

  • Size

    264KB

  • Sample

    211116-yqdveafcg4

  • MD5

    c0b81ddd61e2036eeeaa57ffec65eb0a

  • SHA1

    190fc125a9d5bdd899c270ed4b0d604e0d22fb5e

  • SHA256

    9015936f2891016026c8e4b7317ea2f36f976bec13d9763068f004f9cc3b7a6d

  • SHA512

    1f065f5f03307a851b6d56ac123a06c3a2af03dd66ffa06f54483d385217729e17e92365ca9fe098eaeaeba9fbdf52c0a7671f7925b3719490f10dacbbb56aae

Score
10/10
latam_generic_downloader

Malware Config

Extracted

Family

latam_generic_downloader

C2

http://45.77.75.21/sdump.clie

Targets

    • Target

      16- 838594.msi

    • Size

      264KB

    • MD5

      c0b81ddd61e2036eeeaa57ffec65eb0a

    • SHA1

      190fc125a9d5bdd899c270ed4b0d604e0d22fb5e

    • SHA256

      9015936f2891016026c8e4b7317ea2f36f976bec13d9763068f004f9cc3b7a6d

    • SHA512

      1f065f5f03307a851b6d56ac123a06c3a2af03dd66ffa06f54483d385217729e17e92365ca9fe098eaeaeba9fbdf52c0a7671f7925b3719490f10dacbbb56aae

    Score
    8/10

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks