latrodectus | dfff1a07429ff9585f3dab9c78b501174e7c326e1fb95c5234368071b5426768 | Triage

Submit
Reports

Overview

overview

Static

static

1

medk.msi

windows7-x64

medk.msi

windows10-2004-x64

Sharing

General

Target

medk.msi
Size

2.0MB
Sample

241113-vvtvmswdnb
MD5

8cb04bf931a19fa0ae1bd7235180dd4a
SHA1

dfc980a827dbde294ae9fa6e63545d1d57344e96
SHA256

dfff1a07429ff9585f3dab9c78b501174e7c326e1fb95c5234368071b5426768
SHA512

58f1661d689aaa9391f04e086db490693f83b70e068ca10b20cff6f87979a8804aa9f054ac961af06c4b7b17fd88b1912774b2eb3d16b9df8e7a4ed9bb3c0a29
SSDEEP

49152:F943YhW8zBQSc0ZnSKBZKumZr7Apj3Y+7jHplNa:6YY0Zn3K/Al3dXHpra

Score

10^/10

latrodectus discovery loader persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

medk.msi

Resource

win7-20240903-en

latrodectus discovery loader persistence privilege_escalation

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

medk.msi

Resource

win10v2004-20241007-en

latrodectus discovery loader persistence privilege_escalation

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

latrodectus

C2

https://rolefenik.com/test/

https://ergiholim.com/test/

Targets

- Target
  
  medk.msi
- Size
  
  2.0MB
- MD5
  
  8cb04bf931a19fa0ae1bd7235180dd4a
- SHA1
  
  dfc980a827dbde294ae9fa6e63545d1d57344e96
- SHA256
  
  dfff1a07429ff9585f3dab9c78b501174e7c326e1fb95c5234368071b5426768
- SHA512
  
  58f1661d689aaa9391f04e086db490693f83b70e068ca10b20cff6f87979a8804aa9f054ac961af06c4b7b17fd88b1912774b2eb3d16b9df8e7a4ed9bb3c0a29
- SSDEEP
  
  49152:F943YhW8zBQSc0ZnSKBZKumZr7Apj3Y+7jHplNa:6YY0Zn3K/Al3dXHpra
Score

10^/10

latrodectus discovery loader persistence privilege_escalation
- Detects Latrodectus
  Detects Latrodectus v1.4.
- Latrodectus family
  latrodectus
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latrodectusdiscoveryloaderpersistenceprivilege_escalation

behavioral2

latrodectusdiscoveryloaderpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy