latam_generic_downloader | 17182f1f100e9370ee0798fdad75aca6c9004d9446bad85bf5ad9f28975f77d4 | Triage

Sharing

General

Target

36b8ab4ab974a6be2ae8aec49600215c_JaffaCakes118
Size

264KB
Sample

240330-h8v9eaah9z
MD5

36b8ab4ab974a6be2ae8aec49600215c
SHA1

01233a85959dd6f5815eb8a037d630b81bff0eb0
SHA256

17182f1f100e9370ee0798fdad75aca6c9004d9446bad85bf5ad9f28975f77d4
SHA512

27bbfedd27c8b821fc17a25ab7a704874df02cb9f608bb02c0892e68e64336ff6816248f4fab150c11e8da7d8422195be7f50ac37927a5e2cef3d95cc71e9072
SSDEEP

3072:kmJhsQ903DaYlA8wgz88ereWn/7w05g0JMcB3RUN46ILJ9+ZB5yOanPR:kmu3DaYlAN8er1nzTsroR

Score

10^/10

latam_generic_downloader

Malware Config

Extracted

Family

latam_generic_downloader

C2

https://privateincorpore.s3.sa-east-1.amazonaws.com/bihouti.tch

Targets

- Target
  
  36b8ab4ab974a6be2ae8aec49600215c_JaffaCakes118
- Size
  
  264KB
- MD5
  
  36b8ab4ab974a6be2ae8aec49600215c
- SHA1
  
  01233a85959dd6f5815eb8a037d630b81bff0eb0
- SHA256
  
  17182f1f100e9370ee0798fdad75aca6c9004d9446bad85bf5ad9f28975f77d4
- SHA512
  
  27bbfedd27c8b821fc17a25ab7a704874df02cb9f608bb02c0892e68e64336ff6816248f4fab150c11e8da7d8422195be7f50ac37927a5e2cef3d95cc71e9072
- SSDEEP
  
  3072:kmJhsQ903DaYlA8wgz88ereWn/7w05g0JMcB3RUN46ILJ9+ZB5yOanPR:kmu3DaYlAN8er1nzTsroR
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

latam_generic_downloader

behavioral1

behavioral2