General

  • Target: load.msi
  • Size: 4.0MB
  • Sample: 220113-tbxlrabcc5
  • MD5: 84a654e89c30bf453beecaafb694f6a9
  • SHA1: 40ead07a0b5079314cfb2811d425e0370f6b6715
  • SHA256: 5fe0bcefbfd86e01e6fd17a2009f2e9ebaf041e9ecf7ce3c83603a74ad440d53
  • SHA512: 3e8b1e228d9e46c1fbb3639c5c71a6d790f51696160c11252906ddefe31db6668c687937fb6fd9f4bbbcadcf0c7357b03dc64299f7f36447279943c1e1f6914f

Malware Config

Extracted

  • Family: latam_generic_downloader
  • C2: http://ec2-54-146-131-144.compute-1.amazonaws.com/SAGA/AQ345454RTE5WE5467588.zip

Targets

    • Target: load.msi


    Score: 8/10

    • Blocklisted process makes network request
    • Executes dropped EXE
    • Drops startup file
    • Loads dropped DLL
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) T1053
  • Persistence: Scheduled Task (1) T1053
  • Privilege Escalation: Scheduled Task (1) T1053
  • Discovery: Query Registry (1) T1012
  • Discovery: Peripheral Device Discovery (1) T1120
  • Discovery: System Information Discovery (2) T1082

Tasks