Description
Generic Latin American MSI downloader used to drop various banking trojans.
General
Target
Size
Sample
23 de Novembro.lnk
1KB
211123-st8ajadfd5
Score
10/10
MD5
SHA1
SHA256
SHA512
dbc89ba629ae4c675b9c77d6e2e7db23
b27c719b2226145787b90a07494dc66b32817b4e
0b58d3b97a11a82aafda54aa682cddc11cf513dbcf980a145a04c8b5a362ccdf
7e5225364a21aae63a9aaef89aeb7994e0c902e81220a4e169463ccb32a17986858d2e53dd9208dea2c07012e4d24f891e67109ec1c2fd7337f2a40328853d86
Malware Config
Extracted
| Family | latam_generic_downloader |
| C2 |
https://ym4dusty.s3.sa-east-1.amazonaws.com/softo.kn3 |
Targets
Target
MD5
Filesize
23 de Novembro.lnk
dbc89ba629ae4c675b9c77d6e2e7db23
1KB
Score
10/10
SHA1
SHA256
SHA512
b27c719b2226145787b90a07494dc66b32817b4e
0b58d3b97a11a82aafda54aa682cddc11cf513dbcf980a145a04c8b5a362ccdf
7e5225364a21aae63a9aaef89aeb7994e0c902e81220a4e169463ccb32a17986858d2e53dd9208dea2c07012e4d24f891e67109ec1c2fd7337f2a40328853d86
Tags
Signatures
-
Generic LATAM Downloader
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Use of msiexec (install) with remote resource
-
Adds Run key to start application
Tags
TTPs
-
Enumerates connected drives
Description
Attempts to read the root path of hard drives other than the default C: drive.
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10