Description
Attempts to read the root path of hard drives other than the default C: drive.
General
Target
Size
Sample
Proc.Eeletronico80rdgkj4 qoz4br.msi
3MB
211123-qp4ensdch9
Score
10/10
MD5
SHA1
SHA256
SHA512
1321ee6809d5368dc9ec125e04bc4cf8
f1c0503e18eba4af77c5e637b38f2cf323e6c2bc
c8c447eabc388282ef6ee8678cce4aa65557bf557a936109485648fd217baae8
c348633687ec45a8c6a82fb7339ceb54bcc7c7448108841d4c4aa54ab15de582dd4b2b981ce76c743dd6d3f5ceaf96491cf2a9065df3439aafd33d1398900597
Malware Config
Extracted
| Family | latam_generic_downloader |
| C2 |
https://jridicaopyxxxqrcgold.com/M1/ABGSGDEY4754657588V.zip |
Targets
Target
MD5
Filesize
Proc.Eeletronico80rdgkj4 qoz4br.msi
1321ee6809d5368dc9ec125e04bc4cf8
3MB
Score
8/10
SHA1
SHA256
SHA512
f1c0503e18eba4af77c5e637b38f2cf323e6c2bc
c8c447eabc388282ef6ee8678cce4aa65557bf557a936109485648fd217baae8
c348633687ec45a8c6a82fb7339ceb54bcc7c7448108841d4c4aa54ab15de582dd4b2b981ce76c743dd6d3f5ceaf96491cf2a9065df3439aafd33d1398900597
Signatures
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
10/10
behavioral1
Score
8/10
behavioral2
Score
8/10