latam_generic_downloader | fedd8610da159a593c56d0685ce7d579beaab9ccf00487a980ae9b6bf9ff743c | Triage

Sharing

General

Target

b9e49c59ff734f7bdb5f4cc35b1d8bb2.msi
Size

264KB
Sample

211123-smbyraadgr
MD5

b9e49c59ff734f7bdb5f4cc35b1d8bb2
SHA1

4321a500fbe210d4d4b020d92fe211da05cb5065
SHA256

fedd8610da159a593c56d0685ce7d579beaab9ccf00487a980ae9b6bf9ff743c
SHA512

667391e80098f9a24204040a740634f8712f7a3a07b502924c7489abc0af4f0f7d5ff97537949c5de8254279f0279f46f9d265c919f0789a4619a73b53cd8c13

Score

10^/10

latam_generic_downloader

Malware Config

Extracted

Family

latam_generic_downloader

C2

http://45.56.85.218//HgT.dump

Targets

- Target
  
  b9e49c59ff734f7bdb5f4cc35b1d8bb2.msi
- Size
  
  264KB
- MD5
  
  b9e49c59ff734f7bdb5f4cc35b1d8bb2
- SHA1
  
  4321a500fbe210d4d4b020d92fe211da05cb5065
- SHA256
  
  fedd8610da159a593c56d0685ce7d579beaab9ccf00487a980ae9b6bf9ff743c
- SHA512
  
  667391e80098f9a24204040a740634f8712f7a3a07b502924c7489abc0af4f0f7d5ff97537949c5de8254279f0279f46f9d265c919f0789a4619a73b53cd8c13
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

latam_generic_downloader

behavioral1

behavioral2