Overview

overview

10

Static

static

10

seucartao0...j9.msi

windows7_x64

8

seucartao0...j9.msi

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    seucartao0021 bdpk7zuq ju1ej9.msi

  • Size

    4.0MB

  • Sample

    211221-wcwf7aece3

  • MD5

    8a53e2cb70a3967f721059d146e7ac4c

  • SHA1

    429614ea9a6067160470aa5e101bb33b862deb80

  • SHA256

    7e7d377140a146065c91c271e97dff7bb94f4b42245f1fba4dd2899271281912

  • SHA512

    5ce3076109b4220de0e996eb91addeefeb9c0c9a19b0434b9858c18b69c88151ac8478402ad13efe6c791bb0771dcfec4f7fcc231cb199f7c334fb9c550d6e5d

Score
10/10
latam_generic_downloaderevasionpersistence

Malware Config

Extracted

Family

latam_generic_downloader

C2

http://ec2-54-232-228-35.sa-east-1.compute.amazonaws.com/CUBO/CUB12DRT565676HTUY7887879.zip

Targets

    • Target

      seucartao0021 bdpk7zuq ju1ej9.msi

    • Size

      4.0MB

    • MD5

      8a53e2cb70a3967f721059d146e7ac4c

    • SHA1

      429614ea9a6067160470aa5e101bb33b862deb80

    • SHA256

      7e7d377140a146065c91c271e97dff7bb94f4b42245f1fba4dd2899271281912

    • SHA512

      5ce3076109b4220de0e996eb91addeefeb9c0c9a19b0434b9858c18b69c88151ac8478402ad13efe6c791bb0771dcfec4f7fcc231cb199f7c334fb9c550d6e5d

    Score
    8/10
    evasionpersistence

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Modifies RDP port number used by Windows

    • Modifies Windows Firewall

      evasion

    • Sets DLL path for service in the registry

      persistence

    • Drops startup file

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks