latrodectus | 0ede3cbe821e4f083fc119274f069c77e64a6a7e8a2c16530317b826a0939979

Analysis

max time kernel
77s
max time network
95s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
25-04-2024 15:00

Target

mbaeapina.dll
Size

740KB
MD5

97003e2f2b6380fd9a59b5eb4441649e
SHA1

4906a35f5bbe06350333337d21eb57434731e465
SHA256

0ede3cbe821e4f083fc119274f069c77e64a6a7e8a2c16530317b826a0939979
SHA512

992be369d7274c28a7388d78bbedecc9485ed8b346d189ee38ebcf3f3e1e61375e15b4d8f7faf9b295164183d69bbb2620fac65719fc50d635d5099a45126772
SSDEEP

12288:2+XcF2BrQHSTbgEQyl9l7zCUnyVK8vFn+hPrDqYOvFh5eXuI:WcES/3Qmn7tc9HEeI

Score

10^/10

Family

latrodectus

https://titnovacrion.top/live/

https://skinnyjeanso.com/live/

Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus

Detect larodectus Loader variant 2 4 IoCs

loader

resource	yara_rule
behavioral1/memory/4108-3-0x000001E124080000-0x000001E124094000-memory.dmp	family_latrodectus_v2
behavioral1/memory/4108-4-0x000001E124040000-0x000001E124054000-memory.dmp	family_latrodectus_v2
behavioral1/memory/4108-5-0x000001E124080000-0x000001E124094000-memory.dmp	family_latrodectus_v2
behavioral1/memory/4108-7-0x000001E124080000-0x000001E124094000-memory.dmp	family_latrodectus_v2

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4108	rundll32.exe
4108	rundll32.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4172 wrote to memory of 4108	4172	cmd.exe	79
PID 4172 wrote to memory of 4108	4172	cmd.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\mbaeapina.dll,#1
1⤵
PID:292

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4172
- C:\Windows\system32\rundll32.exe
  rundll32 mbaeapina.dll,#15
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

memory/292-0-0x0000000180000000-0x00000001800BF000-memory.dmp

Filesize
764KB

Download
memory/292-1-0x0000000180000000-0x00000001800BF000-memory.dmp

Filesize
764KB

Download
memory/4108-2-0x0000000180000000-0x00000001800BF000-memory.dmp

Filesize
764KB

Download
memory/4108-3-0x000001E124080000-0x000001E124094000-memory.dmp

Filesize
80KB

Download
memory/4108-4-0x000001E124040000-0x000001E124054000-memory.dmp

Filesize
80KB

Download
memory/4108-5-0x000001E124080000-0x000001E124094000-memory.dmp

Filesize
80KB

Download
memory/4108-6-0x0000000180000000-0x00000001800BF000-memory.dmp

Filesize
764KB

Download
memory/4108-7-0x000001E124080000-0x000001E124094000-memory.dmp

Filesize
80KB

Download