latam_generic_downloader | 7e7d377140a146065c91c271e97dff7bb94f4b42245f1fba4dd2899271281912 | Triage

Submit
Reports

Overview

overview

Static

static

seucartao0...j9.msi

windows7_x64

8

seucartao0...j9.msi

windows10_x64

8

Sharing

General

Target

seucartao0021 bdpk7zuq ju1ej9.msi
Size

4.0MB
Sample

211221-wcwf7aece3
MD5

8a53e2cb70a3967f721059d146e7ac4c
SHA1

429614ea9a6067160470aa5e101bb33b862deb80
SHA256

7e7d377140a146065c91c271e97dff7bb94f4b42245f1fba4dd2899271281912
SHA512

5ce3076109b4220de0e996eb91addeefeb9c0c9a19b0434b9858c18b69c88151ac8478402ad13efe6c791bb0771dcfec4f7fcc231cb199f7c334fb9c550d6e5d

Score

10^/10

latam_generic_downloader evasion persistence

Static task

static1

latam_generic_downloader

Behavioral task

behavioral1

Sample

seucartao0021 bdpk7zuq ju1ej9.msi

Resource

win7-en-20211208

evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

seucartao0021 bdpk7zuq ju1ej9.msi

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

latam_generic_downloader

C2

http://ec2-54-232-228-35.sa-east-1.compute.amazonaws.com/CUBO/CUB12DRT565676HTUY7887879.zip

Targets

- Target
  
  seucartao0021 bdpk7zuq ju1ej9.msi
- Size
  
  4.0MB
- MD5
  
  8a53e2cb70a3967f721059d146e7ac4c
- SHA1
  
  429614ea9a6067160470aa5e101bb33b862deb80
- SHA256
  
  7e7d377140a146065c91c271e97dff7bb94f4b42245f1fba4dd2899271281912
- SHA512
  
  5ce3076109b4220de0e996eb91addeefeb9c0c9a19b0434b9858c18b69c88151ac8478402ad13efe6c791bb0771dcfec4f7fcc231cb199f7c334fb9c550d6e5d
Score

8^/10

evasion persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies RDP port number used by Windows
- Modifies Windows Firewall
  evasion
- Sets DLL path for service in the registry
  persistence
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

latam_generic_downloader

behavioral1

evasionpersistence

behavioral2

© 2018-2024

Terms | Privacy