General

  • Target

    tramp it up.zip

  • Size

    333KB

  • Sample

    240814-a5y7wsshpe

  • MD5

    201bef648beb741f976a4e365a713c9c

  • SHA1

    bb46c8c1bcf7a926b9064a0852aaf04bddfccdfb

  • SHA256

    bbbce5905921a018ce25f9bcbd4674410ec6a554cfea33a18e7cf8a4e520450f

  • SHA512

    3033d336ff45156d08a042c29c8308d2f25a0421f425db0a9c5031dd88489675a83d76a695fa3dd507e3d76bda3df0932b863156c632e5f123ed06f58718e084

  • SSDEEP

    6144:bEUSennAVdeIvfoanotXIZJMRFvCZ3hyrFPJ4WSYwZ0WLIuG6M34Je6zc4g:TnnMosoDIwRVCZ3sr7CrZVdM3Szvg

Malware Config

Extracted

Family

latrodectus

C2

https://mazdakrichest.com/live/

https://riverhasus.com/live/

Targets

    • Target

      UPDATE-HSYEYDBB.html.lnk

    • Size

      1KB

    • MD5

      ae64124a57d7f5de780f85b7456d90a2

    • SHA1

      ab9a153c0da841ed0cbdd70664a48ba0959eb8a9

    • SHA256

      119f0a88b3366805f6a592742b7ced190010eb98c81f32e251bd42d968b68471

    • SHA512

      0e9ad80748d97e55708bf4939bbe0179d558d643679065c101fa52f861e4d4527cc7bd86795388892f5fd466d2ac959e11f0b89f3c84c673a86d3a62e35ae910

    • Latrodectus loader

      Latrodectus is a loader written in C++.

    • Detect Latrodectus loader variant 1

    • Blocklisted process makes network request

    • Checks computer location settings

      Reads the country code configured in the registry, likely as a geofence check before the loader proceeds.

    • Loads dropped DLL

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.
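The hashes and C2 URLs in this report are the indicators a responder would sweep for. The script below is an added example, not part of the sandbox report or the Latrodectus analysis: it takes the report's hash values and C2 URLs as indicators and matches them against a constructed Squid-style proxy log and a constructed CSV file-hash inventory (the log lines, client addresses and file paths are made up; only the indicator values come from the page). Hosts are compared exactly or as subdomains, never by substring, so a lookalike such as a domain that merely contains the C2 name does not produce a false hit.

```python
"""IOC sweep for the Latrodectus sample in the report above (added example)."""
import csv
import hashlib
import io
import re
from urllib.parse import urlsplit

# Indicators copied from the report: archive and .lnk hashes, and the extracted C2 URLs.
REPORT_HASHES = {
    "201bef648beb741f976a4e365a713c9c": "tramp it up.zip (MD5)",
    "bbbce5905921a018ce25f9bcbd4674410ec6a554cfea33a18e7cf8a4e520450f": "tramp it up.zip (SHA256)",
    "ae64124a57d7f5de780f85b7456d90a2": "UPDATE-HSYEYDBB.html.lnk (MD5)",
    "119f0a88b3366805f6a592742b7ced190010eb98c81f32e251bd42d968b68471": "UPDATE-HSYEYDBB.html.lnk (SHA256)",
}
REPORT_C2 = [
    "https://mazdakrichest.com/live/",
    "https://riverhasus.com/live/",
]

# Constructed proxy log (Squid native format: ts duration client status bytes method url ...).
# The second and third lines should hit; the fourth is a lookalike and must not.
SAMPLE_LOG = [
    "1723600000.101 120 10.0.0.5 TCP_MISS/200 5120 GET https://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1723600010.202 45 10.0.0.5 TCP_TUNNEL/200 3200 CONNECT mazdakrichest.com:443 - HIER_DIRECT/203.0.113.10 -",
    "1723600020.303 60 10.0.0.7 TCP_MISS/200 800 GET http://cdn.riverhasus.com/live/ - HIER_DIRECT/203.0.113.11 application/octet-stream",
    "1723600030.404 50 10.0.0.9 TCP_MISS/200 700 GET https://notmazdakrichest.com/live/ - HIER_DIRECT/203.0.113.12 text/html",
]

# Constructed EDR-style inventory export: path,md5,sha256 (paths are made up).
SAMPLE_INVENTORY = """path,md5,sha256
C:\\Users\\alice\\Downloads\\tramp it up.zip,201BEF648BEB741F976A4E365A713C9C,bbbce5905921a018ce25f9bcbd4674410ec6a554cfea33a18e7cf8a4e520450f
C:\\Users\\alice\\AppData\\Local\\Temp\\UPDATE-HSYEYDBB.html.lnk,ae64124a57d7f5de780f85b7456d90a2,119f0a88b3366805f6a592742b7ced190010eb98c81f32e251bd42d968b68471
C:\\Windows\\System32\\notepad.exe,00000000000000000000000000000000,0000000000000000000000000000000000000000000000000000000000000000
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)")


def c2_hosts(urls=REPORT_C2):
    """Lowercased hostnames of the C2 URLs, for matching against proxy or DNS logs."""
    return {urlsplit(u).hostname.lower() for u in urls}


def host_matches(host, hosts):
    """Exact match or subdomain match only; substring matches are deliberately rejected."""
    return host in hosts or any(host.endswith("." + h) for h in hosts)


def match_proxy_log(lines, urls=REPORT_C2):
    """Return (timestamp, client, host) for every line whose destination is a C2 host."""
    hosts = c2_hosts(urls)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        # CONNECT lines carry host:port with no scheme; prefix '//' so urlsplit parses it as a netloc.
        host = urlsplit(url if "://" in url else "//" + url).hostname
        if host and host_matches(host.lower(), hosts):
            hits.append((m.group("ts"), m.group("client"), host.lower()))
    return hits


def match_inventory(csv_text, known=REPORT_HASHES):
    """Return (path, label) for every inventory row whose MD5 or SHA256 is a reported hash."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for col in ("md5", "sha256"):
            digest = row[col].strip().lower()  # exports vary in case; indicators are lowercase hex
            if digest in known:
                hits.append((row["path"], known[digest]))
    return hits


def hash_bytes(data):
    """Compute the same digests the report lists, for checking a retrieved file against it."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_LOG):
        print("C2 contact:", hit)
    for hit in match_inventory(SAMPLE_INVENTORY):
        print("Known file:", hit)
```

`hash_bytes` covers the case where a copy of the archive or the .lnk is retrieved from a host: compare its digests against the values in the report before treating it as the same sample, since a filename alone proves nothing.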

MITRE ATT&CK Enterprise v15

Tasks