Overview

overview

10

Static

static

10

8aa574ba92...6c.msi

windows7_x64

8

8aa574ba92...6c.msi

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8aa574ba92ef3177d786c519d9f2acc86aa7d16afd44819cb23eddd28720776c

  • Size

    280KB

  • Sample

    220213-mteqbsbaap

  • MD5

    2e81921e3cdeddd24b74f59039bde7a0

  • SHA1

    45950947f0cf45583514eebc95a361e55fd479b8

  • SHA256

    8aa574ba92ef3177d786c519d9f2acc86aa7d16afd44819cb23eddd28720776c

  • SHA512

    287fb25c2f96df4cca630deb02e64b021395cb46dddc8fe40d833b1db2bc7c25e379824942e17bf1695c036f6115c5cb518c2811e7b5c4a087fd6914b4ab0c5f

Score
10/10
latam_generic_downloaderpersistence

Malware Config

Targets

    • Target

      8aa574ba92ef3177d786c519d9f2acc86aa7d16afd44819cb23eddd28720776c

    • Size

      280KB

    • MD5

      2e81921e3cdeddd24b74f59039bde7a0

    • SHA1

      45950947f0cf45583514eebc95a361e55fd479b8

    • SHA256

      8aa574ba92ef3177d786c519d9f2acc86aa7d16afd44819cb23eddd28720776c

    • SHA512

      287fb25c2f96df4cca630deb02e64b021395cb46dddc8fe40d833b1db2bc7c25e379824942e17bf1695c036f6115c5cb518c2811e7b5c4a087fd6914b4ab0c5f

    Score
    8/10
    persistence

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks