latam_generic_downloader | 21c15427e510d11a270acde17b9be3f4b521c2b79caedeba4241433355acfb68 | Triage

Sharing

General

Target

6029e560b25e77fa0dfb90c1f699e30a_JaffaCakes118
Size

264KB
Sample

240331-2l9m3aef63
MD5

6029e560b25e77fa0dfb90c1f699e30a
SHA1

b527ed1a06832418dba90812064bffccacc2b352
SHA256

21c15427e510d11a270acde17b9be3f4b521c2b79caedeba4241433355acfb68
SHA512

f729f7ae148eb7bf744af0142a6f68516067278b2ea416a8872ac51f465dc15253fc913f4a10ce35aac80a9e92174980bfd1c0903a9efd7eb4cfc47a7e6e5e87
SSDEEP

3072:0mAk2R903DaYRAkwgz88ereWn/7w05g0WaAMcB3RUN46ILJ9+ZB5yOannb:0mn3DaYRAV8er1nzTsaPrIb

Score

10^/10

latam_generic_downloader

Malware Config

Extracted

Family

latam_generic_downloader

C2

https://xigud1pd.s3.sa-east-1.amazonaws.com/curt.pasgf

Targets

- Target
  
  6029e560b25e77fa0dfb90c1f699e30a_JaffaCakes118
- Size
  
  264KB
- MD5
  
  6029e560b25e77fa0dfb90c1f699e30a
- SHA1
  
  b527ed1a06832418dba90812064bffccacc2b352
- SHA256
  
  21c15427e510d11a270acde17b9be3f4b521c2b79caedeba4241433355acfb68
- SHA512
  
  f729f7ae148eb7bf744af0142a6f68516067278b2ea416a8872ac51f465dc15253fc913f4a10ce35aac80a9e92174980bfd1c0903a9efd7eb4cfc47a7e6e5e87
- SSDEEP
  
  3072:0mAk2R903DaYRAkwgz88ereWn/7w05g0WaAMcB3RUN46ILJ9+ZB5yOannb:0mn3DaYRAV8er1nzTsaPrIb
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

latam_generic_downloader

behavioral1

behavioral2