latrodectus | fc21a125287c3539e11408587bcaa6f3b54784d9d458facbc54994f05d7ef1b0

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 23:28

Target

Update_9b2e8e34.dll
Size

69KB
MD5

c189e585a4aea11380082f7c25aef6b8
SHA1

3d84e7bdd40cd41df467830563d0f62779469a1b
SHA256

fc21a125287c3539e11408587bcaa6f3b54784d9d458facbc54994f05d7ef1b0
SHA512

f25cc7078bea3d2ae952a8d7406fb61fa6954d848e9a1f1ac6f5c4ff7151955c10531e7ce6c98baaacc4068ee6c8245a886eca41d0906c0d847d6fcf5158a47b
SSDEEP

768:RvrkZkx7jOx10Io0O99dyyus8GgrFuNtxv4c/HFGKndcHrqzwzvCoQ5w7t:Rv1dj7aO9qyV8Kv4c/HFGLlzKoQi

Score

10^/10

Family

latrodectus

https://winarkamaps.com/live/

https://stratimasesstr.com/live/

Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus

Detect larodectus Loader variant 2 1 IoCs

loader

resource	yara_rule
behavioral1/memory/952-0-0x0000000000290000-0x00000000002A4000-memory.dmp	family_latrodectus_v2

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
952	rundll32.exe
952	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Update_9b2e8e34.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:952

memory/952-0-0x0000000000290000-0x00000000002A4000-memory.dmp

Filesize
80KB

Download