General

  • Target

    309abcad11b67d2498cf87c4e10ff30f.bin

  • Size

    1.4MB

  • Sample

    241121-bgwbrsxhqj

  • MD5

    4a0fc4dae558e7c8064ea9cc68553d3c

  • SHA1

    aa865f9615861c7f4ce21133a5d85e400a4ee61e

  • SHA256

    e4cf627ddf140c7108b8d1be9f55766bc8a723c3f23ad597cd1883cc968c809d

  • SHA512

    dcc5eff53c2053d0ad3b27c2d21fe45a64435cae0605d1d5b6335e7b40bfdb2d9cb20269e61fe5e14bf5b1f77178cfc0111245c6e9d9132b05c384d41da544f8

  • SSDEEP

    24576:Xwxgq1zuZOAMJxNmOpgMLRFUV0yXwR7qFckBlIdcrI9A2/mBbc1GrYCeA8vHRj2:XsV17mOpgMLRCVZgR7qeAIYIW5BwQYk1

Malware Config

Extracted

Family

latrodectus

C2

https://bestmarsgood.com/test/

https://cerwintifed.com/test/

Targets

    • Target

      c39abdca1a31b20fe06969a36102c784df7f63847ec930dfaf8c4bd97b4558bf.msi

    • Size

      2.0MB

    • MD5

      309abcad11b67d2498cf87c4e10ff30f

    • SHA1

      0d805a684b889846a7b00cecc0ee84c7cf93398d

    • SHA256

      c39abdca1a31b20fe06969a36102c784df7f63847ec930dfaf8c4bd97b4558bf

    • SHA512

      0f0c0f4a04ae65532a7f4c197ca22c371d904a5b3055e14bd537a3c092d8b4526a597564019395ed0b05d4ffbc6d9b450a8d267de3906f88ac2d320f9c75bdd9

    • SSDEEP

      49152:ecS3YhW8zBQSc0ZnSKBZKumZr7AQkojSo0kzI8ZVE6VPbe:sYY0Zn3K/AQz3Tbx56

    • Detects Latrodectus

      Detects Latrodectus v1.4.

    • Latrodectus family

    • Latrodectus loader

      Latrodectus is a loader written in C++.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks