LATCHKEY

Description

(Mandiant) In one intrusion, FIN13 utilized certutil to decode a base64-encoded version of the custom dropper LATCHKEY. LATCHKEY is a PowerShell to EXE (PS2EXE) compiled dropper that base64 decodes and executes the PowerSploit function Out-Minidump, which generates a minidump for the LSASS system process to disk.

Names

Name
LATCHKEY

Category

Malware

Type

  • Dropper

Information

Other Information

Uuid

57b52cc9-fe02-4d62-b3a3-7e8c8796ac3c

Last Card Change

2021-12-26