latrodectus | 24746dfb4ac476772d7a1e936b714b9f0df30612395e4d8e7f31a2c43983bc55 | Triage

Submit
Reports

Overview

overview

Static

static

1

API.msi

windows10-2004-x64

API.msi

windows11-21h2-x64

Sharing

General

Target

API.msi
Size

1.8MB
Sample

240917-v15jbsvfqd
MD5

b1c0657b678a8e3f320476ef4ba6dfd2
SHA1

883a69c2aa664a783b416ec44506aad9d03832d5
SHA256

24746dfb4ac476772d7a1e936b714b9f0df30612395e4d8e7f31a2c43983bc55
SHA512

89059e8f6ae5039cdac24e64cd3b3805691121963f395faee41fb1d8799134ae8ae5ba5f90fd29aec9e6625a4041fd7c2f70185167bf3bb85d4ddad8ab8a383a
SSDEEP

49152:fsE3YhW8zBQSc0ZnSKBZKumZr7AOMLQaaVLAY+Dpwe:1YY0Zn3K/ATLCpNe

Score

10^/10

latrodectus discovery loader persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

API.msi

Resource

win10v2004-20240802-en

latrodectus discovery loader persistence privilege_escalation

windows10-2004-x64

16 signatures

1200 seconds

Behavioral task

behavioral2

Sample

API.msi

Resource

win11-20240802-en

latrodectus discovery loader persistence privilege_escalation

windows11-21h2-x64

16 signatures

1200 seconds

Malware Config

Extracted

Family

latrodectus

C2

https://isomicrotich.com/test/

https://rilomenifis.com/test/

Targets

- Target
  
  API.msi
- Size
  
  1.8MB
- MD5
  
  b1c0657b678a8e3f320476ef4ba6dfd2
- SHA1
  
  883a69c2aa664a783b416ec44506aad9d03832d5
- SHA256
  
  24746dfb4ac476772d7a1e936b714b9f0df30612395e4d8e7f31a2c43983bc55
- SHA512
  
  89059e8f6ae5039cdac24e64cd3b3805691121963f395faee41fb1d8799134ae8ae5ba5f90fd29aec9e6625a4041fd7c2f70185167bf3bb85d4ddad8ab8a383a
- SSDEEP
  
  49152:fsE3YhW8zBQSc0ZnSKBZKumZr7AOMLQaaVLAY+Dpwe:1YY0Zn3K/ATLCpNe
Score

10^/10

latrodectus discovery loader persistence privilege_escalation
- Detects Latrodectus
  Detects Latrodectus v1.4.
- Latrodectus family
  latrodectus
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latrodectusdiscoveryloaderpersistenceprivilege_escalation

behavioral2

latrodectusdiscoveryloaderpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy