latam_generic_downloader | 0b58d3b97a11a82aafda54aa682cddc11cf513dbcf980a145a04c8b5a362ccdf | Triage

Submit
Reports

Overview

overview

Static

static

23 de Novembro.lnk

windows7_x64

23 de Novembro.lnk

windows10_x64

Sharing

General

Target

23 de Novembro.lnk
Size

1KB
Sample

211123-st8ajadfd5
MD5

dbc89ba629ae4c675b9c77d6e2e7db23
SHA1

b27c719b2226145787b90a07494dc66b32817b4e
SHA256

0b58d3b97a11a82aafda54aa682cddc11cf513dbcf980a145a04c8b5a362ccdf
SHA512

7e5225364a21aae63a9aaef89aeb7994e0c902e81220a4e169463ccb32a17986858d2e53dd9208dea2c07012e4d24f891e67109ec1c2fd7337f2a40328853d86

Score

10^/10

latam_generic_downloader banker loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

23 de Novembro.lnk

Resource

win7-en-20211104

latam_generic_downloader banker loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

23 de Novembro.lnk

Resource

win10-en-20211014

latam_generic_downloader banker loader persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

latam_generic_downloader

C2

https://ym4dusty.s3.sa-east-1.amazonaws.com/softo.kn3

Targets

- Target
  
  23 de Novembro.lnk
- Size
  
  1KB
- MD5
  
  dbc89ba629ae4c675b9c77d6e2e7db23
- SHA1
  
  b27c719b2226145787b90a07494dc66b32817b4e
- SHA256
  
  0b58d3b97a11a82aafda54aa682cddc11cf513dbcf980a145a04c8b5a362ccdf
- SHA512
  
  7e5225364a21aae63a9aaef89aeb7994e0c902e81220a4e169463ccb32a17986858d2e53dd9208dea2c07012e4d24f891e67109ec1c2fd7337f2a40328853d86
Score

10^/10

latam_generic_downloader banker loader persistence
- Generic LATAM Downloader
  Generic Latin American MSI downloader used to drop various banking trojans.
  loader banker latam_generic_downloader
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Use of msiexec (install) with remote resource
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latam_generic_downloaderbankerloaderpersistence

behavioral2

latam_generic_downloaderbankerloaderpersistence

© 2018-2024

Terms | Privacy