Overview

overview

10

Static

static

3

launcher.bat

windows7-x64

10

launcher.bat

windows10-2004-x64

10

setordinal.dll

windows7-x64

10

setordinal.dll

windows10-2004-x64

10

Resubmissions

05-04-2024 15:25

240405-stqqgsfe7x 10

13-02-2024 16:39

240213-t6fxgsda8t 7

Analysis

  • max time kernel
    91s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • submitted
    13-02-2024 16:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    launcher.bat

Score
10/10
latrodectusloader

Malware Config

Extracted

Family

latrodectus

C2

https://plwskoret.top/live/

https://miistoria.com/live/

Signatures

  • Latrodectus family
    latrodectus
  • Latrodectus loader

    Latrodectus is a loader written in C++.

    loaderlatrodectus
  • Detect larodectus Loader variant 1 4 IoCs
    loader
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Windows\system32\rundll32.exe
      rundll32.exe setordinal.dll,bhuf
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:212
      • C:\Windows\system32\rundll32.exe
        rundll32.exe "C:\Users\Admin\AppData\Roaming\Custom_update\Update_b8487055.dll", bhuf
        3⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Custom_update\Update_b8487055.dll
    Filesize

    1.7MB

    MD5

    50a91559fab7869d51c0a7727c47a783

    SHA1

    a232ec9f822c82d72f5c2b6e0e240680d18ef6ff

    SHA256

    378d220bc863a527c2bca204daba36f10358e058df49ef088f8b1045604d9d05

    SHA512

    878cd8c05a28117be8036cc0631fffc1b3407dd76cacb0d48e44e6f925b08237148f69e136d8fbb6d760bc6b29f537156e0ca10e23f405cd9dcc53bdca88eeb3

    Download Submit

  • memory/212-0-0x000001A11C800000-0x000001A11C813000-memory.dmp

    Filesize

    76KB

    Download

  • memory/212-6-0x000001A11C800000-0x000001A11C813000-memory.dmp

    Filesize

    76KB

    Download

  • memory/212-2-0x0000000180000000-0x00000001801C2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4236-5-0x000001D7D2E20000-0x000001D7D2E33000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4236-7-0x000001D7D2E20000-0x000001D7D2E33000-memory.dmp

    Filesize

    76KB

    Download