latam_generic_downloader | 472e40357bbd9c18824abf10157d6482b8d853cdef7267b723e5d887b54e00ee | Triage

Sharing

General

Target

d658fc04f5eb9b2f7984579d4b8d8322_JaffaCakes118
Size

264KB
Sample

240405-rtvtrsed7w
MD5

d658fc04f5eb9b2f7984579d4b8d8322
SHA1

905e42f62ce86570abd70081185c969574fe64ed
SHA256

472e40357bbd9c18824abf10157d6482b8d853cdef7267b723e5d887b54e00ee
SHA512

3242e71dd101cbbc54e0136922424f4faf64bdcee2e37adde5ec9247bab30b5c5fcc611c26e9a2816ce56adbb44d4b707363ddbf8f7852563aa308690b9c1adb
SSDEEP

3072:vm65Lk903DaYlAYwgz88ereWn/7w05g0dMcB3RUN46ILJ9+ZB5yOanhS:vmo3DaYlAJ8er1nzTMriS

Score

10^/10

latam_generic_downloader

Malware Config

Extracted

Family

latam_generic_downloader

C2

https://pqlaksmc.s3.sa-east-1.amazonaws.com/gweek.visio

Targets

- Target
  
  d658fc04f5eb9b2f7984579d4b8d8322_JaffaCakes118
- Size
  
  264KB
- MD5
  
  d658fc04f5eb9b2f7984579d4b8d8322
- SHA1
  
  905e42f62ce86570abd70081185c969574fe64ed
- SHA256
  
  472e40357bbd9c18824abf10157d6482b8d853cdef7267b723e5d887b54e00ee
- SHA512
  
  3242e71dd101cbbc54e0136922424f4faf64bdcee2e37adde5ec9247bab30b5c5fcc611c26e9a2816ce56adbb44d4b707363ddbf8f7852563aa308690b9c1adb
- SSDEEP
  
  3072:vm65Lk903DaYlAYwgz88ereWn/7w05g0dMcB3RUN46ILJ9+ZB5yOanhS:vmo3DaYlAJ8er1nzTMriS
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

latam_generic_downloader

behavioral1

behavioral2