General
Target

23 de Novembro.lnk

Size

1KB

Sample

211123-st8ajadfd5

Score

10/10

MD5

dbc89ba629ae4c675b9c77d6e2e7db23

SHA1

b27c719b2226145787b90a07494dc66b32817b4e

SHA256

0b58d3b97a11a82aafda54aa682cddc11cf513dbcf980a145a04c8b5a362ccdf

SHA512

7e5225364a21aae63a9aaef89aeb7994e0c902e81220a4e169463ccb32a17986858d2e53dd9208dea2c07012e4d24f891e67109ec1c2fd7337f2a40328853d86

Malware Config

Extracted

Family

latam_generic_downloader

C2

https://ym4dusty.s3.sa-east-1.amazonaws.com/softo.kn3

Targets
Target

23 de Novembro.lnk

Signatures

  • Generic LATAM Downloader

    Description

    Generic Latin American MSI downloader used to drop various banking trojans.

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Use of msiexec (install) with remote resource

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry, Peripheral Device Discovery, System Information Discovery

Tasks

static1

Score

N/A