General
Target: seucartao0021 0iictl3q h6ozq5.msi
Size: 4.0MB
Sample: 211223-mx8sksadbm
MD5: 04573ca4c50c5c352ec0859d6a14953a
SHA1: 1a6780e61a658511f141fa8305ed9a9f318f5518
SHA256: 57675d518613f20edc235c2975eadba7aa15d19aa460df03b443c99cff0d26d1
SHA512: d2ac8b26969f25b9c4da413a54118bcfc181dd2bffdabc771119fb5837825d560807862ea4a75f0985b0e2c261d9678fc18a4975bb8c24399e5e248362d9664d
Static task: static1
Behavioral task: behavioral1 (sample: seucartao0021 0iictl3q h6ozq5.msi, resource: win7-en-20211208)
Behavioral task: behavioral2 (sample: seucartao0021 0iictl3q h6ozq5.msi, resource: win10-en-20211208)
Malware Config
Extracted: latam_generic_downloader
  http://ec2-54-232-228-35.sa-east-1.compute.amazonaws.com/CUBO/CUB12DRT565676HTUY7887879.zip
Targets
Target: seucartao0021 0iictl3q h6ozq5.msi
Score: 10/10
- suricata: ET MALWARE Ousaban Banker Checkin M1
- suricata: ET MALWARE Ousaban Banker Checkin M2
- suricata: ET MALWARE Ousaban Banker KeepAlive Response
- suricata: ET MALWARE Ousaban Banker Server Response M1
- suricata: ET MALWARE Ousaban Banker Server Response M2
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies RDP port number used by Windows
- Modifies Windows Firewall
- Sets DLL path for service in the registry
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon