latrodectus | fe5e31d0d20eea7dc2cfc16a65d81663dfadf519d8c5ed847245875b95261ea3 | Triage

Submit
Reports

Overview

overview

Static

static

3

d8ff7b3040...c1.exe

windows7-x64

d8ff7b3040...c1.exe

windows10-2004-x64

Sharing

General

Target

d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1.zip
Size

7.9MB
Sample

241009-cb6e8a1dpn
MD5

c5762e5ecf14209b5d3cc1effe558ab1
SHA1

32bf6430a2f741b735800c51b96340c078b2fbf3
SHA256

fe5e31d0d20eea7dc2cfc16a65d81663dfadf519d8c5ed847245875b95261ea3
SHA512

45e09196f1c75dc26f073db4748ee4ee206582f699c03db19fb734165284ce9312e91eed3131b0b3de6b90d37de68351bccfe4f572383e06bd5c8160b5a61f03
SSDEEP

196608:qcTZ76dSp/0DeqF0jf9c5p86fs78V2NwT98uLN39/xg30J5:3Z7pKV0j2/12NwB8YpKI5

Score

10^/10

latrodectus discovery execution loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1.exe

Resource

win7-20240708-en

latrodectus discovery execution loader

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1.exe

Resource

win10v2004-20241007-en

latrodectus discovery execution loader

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

latrodectus

C2

https://restoreviner.com/test/

https://peronikilinfer.com/test/

Targets

- Target
  
  d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1
- Size
  
  7.9MB
- MD5
  
  dcadeda5754a0fe953156eb69f966bf2
- SHA1
  
  3fb6f6bb20ef5d4db9f7996662d6fbd84d2a0ee9
- SHA256
  
  d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1
- SHA512
  
  ffb6c3546af692fb48a96f1288c2b96cdad91647e2d9331ceef67cde54548870e387488f17db503e7666540e62450441140220fdc7c8be6410023488953fb290
- SSDEEP
  
  196608:MddurOkR/ykbTpWm+Jmj3qDc2YDW2nGg+MmzM+dxkh:wdIR6Aamj3qQ2x2nGfMmzh/kh
Score

10^/10

latrodectus discovery execution loader
- Detects Latrodectus
  Detects Latrodectus v1.4.
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latrodectusdiscoveryexecutionloader

behavioral2

latrodectusdiscoveryexecutionloader

© 2018-2024

Terms | Privacy