Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240708-en -
submitted
13-09-2024 16:47
General
-
Target
130920240346tz3.dll
-
Size
1.8MB
-
MD5
6dc0d350d735fd1acc8219cfa5d02b9b
-
SHA1
7ba0708a4404715fb21a23acfbd88a25b7245ef1
-
SHA256
2333dd858fc40899a1bff3fb39fbc0b4e65a864bfd4eb73c26b48aaddcca7061
-
SHA512
99c9b6310363ce3a7d9ff680c4a0ae976553fc4789b12f9b60d9f629608d90cf4d64b4c8a037264f8aaa48fba69ae397236ef4c32c2eb6779fb5d9e0b3b0d52f
-
SSDEEP
24576:jn6mclQ1O/p0g/9fTeVB1SATDqj2/lDRa+QR6P3r3dl60NWEEk6d:jnhclke0wfoHSASyNNFI6P3rNlHNp
Malware Config
Extracted
latrodectus
https://isomicrotich.com/test/
https://rilomenifis.com/test/
Signatures
-
Detects Latrodectus 7 IoCs
Detects Latrodectus v1.4.
-
Latrodectus family
-
Latrodectus loader
Latrodectus is a loader written in C++.
-
Deletes itself 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\130920240346tz3.dll,#11⤵
- Deletes itself
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Roaming\Custom_update\Update_937a8009.dll", #12⤵
- Loads dropped DLL
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.8MB
MD56dc0d350d735fd1acc8219cfa5d02b9b
SHA17ba0708a4404715fb21a23acfbd88a25b7245ef1
SHA2562333dd858fc40899a1bff3fb39fbc0b4e65a864bfd4eb73c26b48aaddcca7061
SHA51299c9b6310363ce3a7d9ff680c4a0ae976553fc4789b12f9b60d9f629608d90cf4d64b4c8a037264f8aaa48fba69ae397236ef4c32c2eb6779fb5d9e0b3b0d52f
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
1.9MB