General

  • Target

    ee408fa74fbfe568a05b0bbeff2e4339.msi

  • Size

    4.0MB

  • Sample

    211122-jr5l7afafl

  • MD5

    ee408fa74fbfe568a05b0bbeff2e4339

  • SHA1

    0e8e7da9769102123a1bd8ad0d22e48338d20495

  • SHA256

    abe6b696965b8e856ccb20587f8a2fc8327169557e0083cebeab58e14a9d0560

  • SHA512

    290d475b870da3d3e436d67b6aed192e1f68be592ee2b9eb70b2731596c8ce13be7c0bfd0192d63b57d4d103cca4f5a6d781ccf8dba17234f73c247de21162ac

Malware Config

Extracted

Family

latam_generic_downloader

C2

https://webchatpyxx12gt.com/O/BGT325GGHDHBDHHBFHJFFF2121.zip

Targets

    • Target

      ee408fa74fbfe568a05b0bbeff2e4339.msi

    Score
    10/10
    • suricata: ET MALWARE Ousaban Banker Checkin M1

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
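The hashes and C2 URL above are the indicators a responder actually acts on. The following Python is an added example, not part of the sandbox report: it hashes a local file with all four algorithms the report lists and compares the digests, and it checks proxy log lines for requests to the C2 host. The log format (`timestamp client method url status`) and the log lines are constructed for the example; the host and URL comparison parses each URL rather than grepping for a substring, so a benign URL that merely contains the C2 string as a path component is not flagged.

```python
"""Check a local file and proxy log lines against the IOCs from the report above."""
import hashlib
import sys
from urllib.parse import urlparse

# Hashes and C2 URL exactly as listed in the report.
REPORT_IOCS = {
    "md5": "ee408fa74fbfe568a05b0bbeff2e4339",
    "sha1": "0e8e7da9769102123a1bd8ad0d22e48338d20495",
    "sha256": "abe6b696965b8e856ccb20587f8a2fc8327169557e0083cebeab58e14a9d0560",
    "sha512": "290d475b870da3d3e436d67b6aed192e1f68be592ee2b9eb70b2731596c8ce13"
              "be7c0bfd0192d63b57d4d103cca4f5a6d781ccf8dba17234f73c247de21162ac",
}
C2_URL = "https://webchatpyxx12gt.com/O/BGT325GGHDHBDHHBFHJFFF2121.zip"
C2_HOST = urlparse(C2_URL).hostname  # webchatpyxx12gt.com

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashes in one pass (fine for a 4 MB MSI)."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algorithms(hashes: dict, iocs: dict = REPORT_IOCS) -> set:
    """Algorithms whose digest equals the report's value (case-insensitive).
    An empty set means the file is not this sample."""
    return {a for a, v in iocs.items() if hashes.get(a, "").lower() == v.lower()}


def is_c2_host(hostname, c2_host: str = C2_HOST) -> bool:
    """True for the C2 domain itself or any subdomain of it."""
    if not hostname:
        return False
    hostname = hostname.lower().rstrip(".")
    return hostname == c2_host or hostname.endswith("." + c2_host)


def scan_proxy_log(lines, c2_url: str = C2_URL) -> list:
    """Flag log entries whose URL points at the C2.

    Assumed (constructed) line format: '<timestamp> <client-ip> <method> <url> <status>'.
    Each hit records whether the full download URL matched ('exact'); a hit on the
    host alone (different path) is weaker evidence but still worth triage.
    """
    target = urlparse(c2_url)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or truncated line, skip rather than crash
        ts, client, method, url, status = parts[:5]
        parsed = urlparse(url)
        if not is_c2_host(parsed.hostname, target.hostname):
            continue
        exact = (parsed.hostname or "").lower() == target.hostname and parsed.path == target.path
        hits.append({"timestamp": ts, "client": client, "url": url, "exact": exact})
    return hits


# Constructed proxy log, not from the report. Line 3 hits on a subdomain only,
# line 4 contains the C2 string in the path of a different host and must not hit.
SAMPLE_PROXY_LOG = """\
2021-11-22T09:40:58Z 10.0.0.15 GET https://www.microsoft.com/ 200
2021-11-22T09:41:03Z 10.0.0.15 GET https://webchatpyxx12gt.com/O/BGT325GGHDHBDHHBFHJFFF2121.zip 200
2021-11-22T09:41:09Z 10.0.0.22 GET https://cdn.webchatpyxx12gt.com/favicon.ico 404
2021-11-22T09:41:10Z 10.0.0.31 GET https://example.org/webchatpyxx12gt.com 200
garbage line
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG.splitlines()):
        print("C2 hit:", hit)
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, "matches report on:", sorted(matching_algorithms(digests)) or "nothing")
```

Run with one or more file paths to compare them against the report's hashes; with no arguments it only scans the constructed log. Comparing all four digests rather than just MD5 guards against a report or feed that was transcribed incorrectly for one algorithm.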

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 1
