General
Target

b9e49c59ff734f7bdb5f4cc35b1d8bb2.msi

Size

264KB

Sample

211123-smbyraadgr

Score
10/10
MD5

b9e49c59ff734f7bdb5f4cc35b1d8bb2

SHA1

4321a500fbe210d4d4b020d92fe211da05cb5065

SHA256

fedd8610da159a593c56d0685ce7d579beaab9ccf00487a980ae9b6bf9ff743c

SHA512

667391e80098f9a24204040a740634f8712f7a3a07b502924c7489abc0af4f0f7d5ff97537949c5de8254279f0279f46f9d265c919f0789a4619a73b53cd8c13
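Before detonating or sharing a copy of this sample, confirm it is the same file the report describes. The helper below is an added example, not part of the report or the sandbox's own tooling: it computes the four digests the report lists, compares them with the published values, and checks the report's naming convention (the file name is the MD5 plus `.msi`). The `hash_file` entry point and the command-line usage are assumptions for illustration; the digest values are copied from the report above.

```python
import hashlib
import os
import sys

# Digests as published in the report for b9e49c59ff734f7bdb5f4cc35b1d8bb2.msi
REPORT_HASHES = {
    "md5": "b9e49c59ff734f7bdb5f4cc35b1d8bb2",
    "sha1": "4321a500fbe210d4d4b020d92fe211da05cb5065",
    "sha256": "fedd8610da159a593c56d0685ce7d579beaab9ccf00487a980ae9b6bf9ff743c",
    "sha512": "667391e80098f9a24204040a740634f8712f7a3a07b502924c7489abc0af4f0f7d5ff97537949c5de8254279f0279f46f9d265c919f0789a4619a73b53cd8c13",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists over an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests, streamed from disk so large samples are not read whole into memory."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify(digests: dict, expected: dict = REPORT_HASHES) -> dict:
    """Return {algo: (expected, actual)} for every digest that does not match.

    An empty dict means every listed algorithm agrees with the report.
    """
    return {
        algo: (want, digests.get(algo))
        for algo, want in expected.items()
        if digests.get(algo, "").lower() != want.lower()
    }


def name_matches_md5(filename: str, md5: str) -> bool:
    """The report names the sample <md5>.msi; flag a renamed copy before analysis."""
    stem, _ = os.path.splitext(os.path.basename(filename))
    return stem.lower() == md5.lower()


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py /path/to/b9e49c59ff734f7bdb5f4cc35b1d8bb2.msi
    sample_path = sys.argv[1]
    mismatches = verify(hash_file(sample_path))
    if not name_matches_md5(sample_path, REPORT_HASHES["md5"]):
        print("warning: file name does not match the report's MD5 naming convention")
    if mismatches:
        for algo, (want, got) in mismatches.items():
            print(f"{algo}: expected {want}, got {got}")
        sys.exit(1)
    print("all digests match the report")
```

All four digests are compared rather than MD5 alone: MD5 and SHA1 are collision-prone, and a sample renamed to the right MD5 is not the same evidence as one whose SHA256 and SHA512 match.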

Malware Config

Extracted

Family

latam_generic_downloader

C2

http://45.56.85.218//HgT.dump

Targets
Target

b9e49c59ff734f7bdb5f4cc35b1d8bb2.msi

MD5

b9e49c59ff734f7bdb5f4cc35b1d8bb2

Filesize

264KB

Score
8/10
SHA1

4321a500fbe210d4d4b020d92fe211da05cb5065

SHA256

fedd8610da159a593c56d0685ce7d579beaab9ccf00487a980ae9b6bf9ff743c

SHA512

667391e80098f9a24204040a740634f8712f7a3a07b502924c7489abc0af4f0f7d5ff97537949c5de8254279f0279f46f9d265c919f0789a4619a73b53cd8c13

Signatures

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry (T1012)
    Peripheral Device Discovery (T1120)
    System Information Discovery (T1082)

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

Score
10/10

behavioral1

Score
8/10

behavioral2

Score
8/10