latrodectus | c39abdca1a31b20fe06969a36102c784df7f63847ec930dfaf8c4bd97b4558bf | Triage

Submit
Reports

Overview

overview

Static

static

1

merd.msi

windows10-2004-x64

merd.msi

windows10-ltsc 2021-x64

Resubmissions

20-11-2024 06:31

241120-hahknatdnl 10

19-11-2024 21:38

241119-1hfedatfnn 8

Sharing

General

Target

merd.msi
Size

2.0MB
Sample

241120-hahknatdnl
MD5

309abcad11b67d2498cf87c4e10ff30f
SHA1

0d805a684b889846a7b00cecc0ee84c7cf93398d
SHA256

c39abdca1a31b20fe06969a36102c784df7f63847ec930dfaf8c4bd97b4558bf
SHA512

0f0c0f4a04ae65532a7f4c197ca22c371d904a5b3055e14bd537a3c092d8b4526a597564019395ed0b05d4ffbc6d9b450a8d267de3906f88ac2d320f9c75bdd9
SSDEEP

49152:ecS3YhW8zBQSc0ZnSKBZKumZr7AQkojSo0kzI8ZVE6VPbe:sYY0Zn3K/AQz3Tbx56

Score

10^/10

latrodectus discovery loader persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

merd.msi

Resource

win10v2004-20241007-en

latrodectus discovery loader persistence privilege_escalation

windows10-2004-x64

17 signatures

600 seconds

Behavioral task

behavioral2

Sample

merd.msi

Resource

win10ltsc2021-20241023-en

latrodectus discovery loader persistence privilege_escalation

windows10-ltsc 2021-x64

16 signatures

600 seconds

Malware Config

Extracted

Family

latrodectus

C2

https://bestmarsgood.com/test/

https://cerwintifed.com/test/

Targets

- Target
  
  merd.msi
- Size
  
  2.0MB
- MD5
  
  309abcad11b67d2498cf87c4e10ff30f
- SHA1
  
  0d805a684b889846a7b00cecc0ee84c7cf93398d
- SHA256
  
  c39abdca1a31b20fe06969a36102c784df7f63847ec930dfaf8c4bd97b4558bf
- SHA512
  
  0f0c0f4a04ae65532a7f4c197ca22c371d904a5b3055e14bd537a3c092d8b4526a597564019395ed0b05d4ffbc6d9b450a8d267de3906f88ac2d320f9c75bdd9
- SSDEEP
  
  49152:ecS3YhW8zBQSc0ZnSKBZKumZr7AQkojSo0kzI8ZVE6VPbe:sYY0Zn3K/AQz3Tbx56
Score

10^/10

latrodectus discovery loader persistence privilege_escalation
- Detects Latrodectus
  Detects Latrodectus v1.4.
- Latrodectus family
  latrodectus
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latrodectusdiscoveryloaderpersistenceprivilege_escalation

behavioral2

latrodectusdiscoveryloaderpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy