General

Target: Proc.Eeletronico80rdgkj4 qoz4br.msi
Size: 3MB
Sample: 211123-qp4ensdch9
Score: 10/10
MD5: 1321ee6809d5368dc9ec125e04bc4cf8
SHA1: f1c0503e18eba4af77c5e637b38f2cf323e6c2bc
SHA256: c8c447eabc388282ef6ee8678cce4aa65557bf557a936109485648fd217baae8
SHA512: c348633687ec45a8c6a82fb7339ceb54bcc7c7448108841d4c4aa54ab15de582dd4b2b981ce76c743dd6d3f5ceaf96491cf2a9065df3439aafd33d1398900597

Malware Config

Extracted

Family: latam_generic_downloader
C2: https://jridicaopyxxxqrcgold.com/M1/ABGSGDEY4754657588V.zip

Targets

Target: Proc.Eeletronico80rdgkj4 qoz4br.msi
MD5: 1321ee6809d5368dc9ec125e04bc4cf8
Filesize: 3MB
Score: 8/10
SHA1: f1c0503e18eba4af77c5e637b38f2cf323e6c2bc
SHA256: c8c447eabc388282ef6ee8678cce4aa65557bf557a936109485648fd217baae8
SHA512: c348633687ec45a8c6a82fb7339ceb54bcc7c7448108841d4c4aa54ab15de582dd4b2b981ce76c743dd6d3f5ceaf96491cf2a9065df3439aafd33d1398900597

Signatures

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Drops startup file

  • Loads dropped DLL

  • Enumerates connected drives

    Description: Attempts to read the root path of hard drives other than the default C: drive.

    TTPs: Query Registry; Peripheral Device Discovery; System Information Discovery

MITRE ATT&CK Matrix

Tactic columns shown in the report (no technique cells were populated on this page): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.
Tasks

  • static1 — Score: 10/10

  • behavioral1 — Score: 8/10

  • behavioral2 — Score: 8/10