latam_generic_downloader | fedd8610da159a593c56d0685ce7d579beaab9ccf00487a980ae9b6bf9ff743c | Triage

Sharing

General

Target

b9e49c59ff734f7bdb5f4cc35b1d8bb2.msi
Size

264KB
Sample

211123-smbyraadgr
MD5

b9e49c59ff734f7bdb5f4cc35b1d8bb2
SHA1

4321a500fbe210d4d4b020d92fe211da05cb5065
SHA256

fedd8610da159a593c56d0685ce7d579beaab9ccf00487a980ae9b6bf9ff743c
SHA512

667391e80098f9a24204040a740634f8712f7a3a07b502924c7489abc0af4f0f7d5ff97537949c5de8254279f0279f46f9d265c919f0789a4619a73b53cd8c13

Score

10^/10

latam_generic_downloader

Malware Config

Extracted

Family

latam_generic_downloader

C2

http://45.56.85.218//HgT.dump

Targets

- Target
  
  b9e49c59ff734f7bdb5f4cc35b1d8bb2.msi
- Size
  
  264KB
- MD5
  
  b9e49c59ff734f7bdb5f4cc35b1d8bb2
- SHA1
  
  4321a500fbe210d4d4b020d92fe211da05cb5065
- SHA256
  
  fedd8610da159a593c56d0685ce7d579beaab9ccf00487a980ae9b6bf9ff743c
- SHA512
  
  667391e80098f9a24204040a740634f8712f7a3a07b502924c7489abc0af4f0f7d5ff97537949c5de8254279f0279f46f9d265c919f0789a4619a73b53cd8c13
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

latam_generic_downloader

behavioral1

behavioral2