General

  • Target: 0329fb0b86a0f542c95c6405d5cb8e78.msi
  • Size: 4.0MB
  • Sample: 211217-lpx6faebfk
  • MD5: 0329fb0b86a0f542c95c6405d5cb8e78
  • SHA1: 1871d26fb53a65d99bb72819e0069804cebe3443
  • SHA256: 0b9d503e19f5555e2f2d13d629f9ba95f33a1317a1cc38d54daf176f52827d3c
  • SHA512: b156c3c65da4ab00835f1d727e4da41e0e965f64da4a2f7eb1fe7a9025791daab4e931dfb36a834cb277c756f8f5d2addd78ef606e091e0594d78c92d5de31df

Malware Config (Extracted)

  • Family: latam_generic_downloader
  • C2: http://ec2-18-228-11-80.sa-east-1.compute.amazonaws.com/TES/M98867567576756U6U6U67.zip

Targets


    Score: 8/10

    • Blocklisted process makes network request
    • Executes dropped EXE
    • Drops startup file
    • Loads dropped DLL
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Discovery             Query Registry                 1      T1012
  Discovery             Peripheral Device Discovery    1      T1120
  Discovery             System Information Discovery   2      T1082

Tasks