Overview

overview

10

Static

static

10

2vFTA23042...IL.msi

windows7_x64

8

2vFTA23042...IL.msi

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b862ca02691b2835921c956c649cc4688556ef4890c88f003738dcf4eec081d

  • Size

    122KB

  • Sample

    220520-ffc61sddfl

  • MD5

    3a766212e85cf2d95610a7f480cab0fe

  • SHA1

    7a3bbb1b8bb554cd433c595d7b09dd7e1d25b482

  • SHA256

    9b862ca02691b2835921c956c649cc4688556ef4890c88f003738dcf4eec081d

  • SHA512

    b8a3de4ec9fa767bde0379f4fd416b9e14243d88fe5b7380dfe3d8fe978bcd7e3acbe914bdccb81e9be7fbb06c0a55fb0e56a93ea1f686424b71c59461b9ddf0

Score
10/10
latam_generic_downloaderpersistence

Malware Config

Targets

    • Target

      2vFTA23042049-ABRIL.msi

    • Size

      280KB

    • MD5

      04e7028611b3a265f90a627f45e43721

    • SHA1

      10cc07c9d057baff07aa81e5f6c3833f8c763f8d

    • SHA256

      c51857627b43582a7f2995c27356717b474854716ddffabcc4ec03b0085bcc07

    • SHA512

      e6f39b4e3d934eae2a47e2ee382c7560e3c8852e95d2ce72ee1a6eb31e92b8e102a922638077b16f31ebdb9da92e932649f43d755627b0c5a1c45bff360b5382

    Score
    8/10
    persistence

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks