latam_generic_downloader | 630793d812d85e763f5042ec21cfa2d5da436ee535fdd1ccd00b52c45f82ccb9 | Triage

Sharing

General

Target

d13d644d111ba1ad4a95d7c6dfd9b669_JaffaCakes118
Size

264KB
Sample

240405-mk49mahg2s
MD5

d13d644d111ba1ad4a95d7c6dfd9b669
SHA1

3c9871a124d2eebeb68ebbfd49fe9b05320a4972
SHA256

630793d812d85e763f5042ec21cfa2d5da436ee535fdd1ccd00b52c45f82ccb9
SHA512

4f03ce84adfb108da2245914949a6a133b479d05fbde75ced318ad4142d34aebea0d318bdbfd66fd876e3fa146e9cd8379a32b4ebed3a5e37dd9624cf63a7ddb
SSDEEP

3072:VmDk2R903DaYlAdwgz88ereWn/7w05g0OMcB3RUN46ILJ9+ZB5yOannY:Vms3DaYlAI8er1nzTbrIY

Score

10^/10

latam_generic_downloader

Malware Config

Extracted

Family

latam_generic_downloader

C2

https://xigud1pd.s3.sa-east-1.amazonaws.com/curt.pasgf

Targets

- Target
  
  d13d644d111ba1ad4a95d7c6dfd9b669_JaffaCakes118
- Size
  
  264KB
- MD5
  
  d13d644d111ba1ad4a95d7c6dfd9b669
- SHA1
  
  3c9871a124d2eebeb68ebbfd49fe9b05320a4972
- SHA256
  
  630793d812d85e763f5042ec21cfa2d5da436ee535fdd1ccd00b52c45f82ccb9
- SHA512
  
  4f03ce84adfb108da2245914949a6a133b479d05fbde75ced318ad4142d34aebea0d318bdbfd66fd876e3fa146e9cd8379a32b4ebed3a5e37dd9624cf63a7ddb
- SSDEEP
  
  3072:VmDk2R903DaYlAdwgz88ereWn/7w05g0OMcB3RUN46ILJ9+ZB5yOannY:Vms3DaYlAI8er1nzTbrIY
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

latam_generic_downloader

behavioral1

behavioral2