latrodectus | 025abbec1724b9180b369fe116da9d90ae47a4996f6a4e28e8a947bac1e0c741 | Triage

Submit
Reports

Overview

overview

Static

static

1

025abbec17...41.msi

windows7-x64

025abbec17...41.msi

windows10-2004-x64

Sharing

General

Target

025abbec1724b9180b369fe116da9d90ae47a4996f6a4e28e8a947bac1e0c741.msi
Size

2.0MB
Sample

241114-cf6lsaslax
MD5

c65899e2519f4ad21fb4b97f0a113362
SHA1

a1f854c29a69c19949499fca5e24b02b97be46fd
SHA256

025abbec1724b9180b369fe116da9d90ae47a4996f6a4e28e8a947bac1e0c741
SHA512

eca93cb24187735ec54d4b4e99675f87f1957e255f59c5432498bbc2c47c77b6ccfdf48861a2f78eb377307ce8f6e6458eaf4b766b96e6c2faea1fb87e3dcbb4
SSDEEP

49152:/c53YhW8zBQSc0ZnSKBZKumZr7Aej3YOXT7wYyr8lCV:QYY0Zn3K/Ai33XXZ0

Score

10^/10

latrodectus discovery loader persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

025abbec1724b9180b369fe116da9d90ae47a4996f6a4e28e8a947bac1e0c741.msi

Resource

win7-20240729-en

latrodectus discovery loader persistence privilege_escalation

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

025abbec1724b9180b369fe116da9d90ae47a4996f6a4e28e8a947bac1e0c741.msi

Resource

win10v2004-20241007-en

latrodectus discovery loader persistence privilege_escalation

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

latrodectus

C2

https://rolefenik.com/test/

https://ergiholim.com/test/

Targets

- Target
  
  025abbec1724b9180b369fe116da9d90ae47a4996f6a4e28e8a947bac1e0c741.msi
- Size
  
  2.0MB
- MD5
  
  c65899e2519f4ad21fb4b97f0a113362
- SHA1
  
  a1f854c29a69c19949499fca5e24b02b97be46fd
- SHA256
  
  025abbec1724b9180b369fe116da9d90ae47a4996f6a4e28e8a947bac1e0c741
- SHA512
  
  eca93cb24187735ec54d4b4e99675f87f1957e255f59c5432498bbc2c47c77b6ccfdf48861a2f78eb377307ce8f6e6458eaf4b766b96e6c2faea1fb87e3dcbb4
- SSDEEP
  
  49152:/c53YhW8zBQSc0ZnSKBZKumZr7Aej3YOXT7wYyr8lCV:QYY0Zn3K/Ai33XXZ0
Score

10^/10

latrodectus discovery loader persistence privilege_escalation
- Detects Latrodectus
  Detects Latrodectus v1.4.
- Latrodectus family
  latrodectus
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latrodectusdiscoveryloaderpersistenceprivilege_escalation

behavioral2

latrodectusdiscoveryloaderpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy