General
Target: 309abcad11b67d2498cf87c4e10ff30f.bin
Size: 1.4MB
Sample: 241121-bgwbrsxhqj
MD5: 4a0fc4dae558e7c8064ea9cc68553d3c
SHA1: aa865f9615861c7f4ce21133a5d85e400a4ee61e
SHA256: e4cf627ddf140c7108b8d1be9f55766bc8a723c3f23ad597cd1883cc968c809d
SHA512: dcc5eff53c2053d0ad3b27c2d21fe45a64435cae0605d1d5b6335e7b40bfdb2d9cb20269e61fe5e14bf5b1f77178cfc0111245c6e9d9132b05c384d41da544f8
SSDEEP: 24576:Xwxgq1zuZOAMJxNmOpgMLRFUV0yXwR7qFckBlIdcrI9A2/mBbc1GrYCeA8vHRj2:XsV17mOpgMLRCVZgR7qeAIYIW5BwQYk1
Static task: static1
Behavioral task: behavioral1
  Sample: c39abdca1a31b20fe06969a36102c784df7f63847ec930dfaf8c4bd97b4558bf.msi
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: c39abdca1a31b20fe06969a36102c784df7f63847ec930dfaf8c4bd97b4558bf.msi
  Resource: win10v2004-20241007-en
Malware Config
Extracted: latrodectus
  https://bestmarsgood.com/test/
  https://cerwintifed.com/test/
Targets
Target: c39abdca1a31b20fe06969a36102c784df7f63847ec930dfaf8c4bd97b4558bf.msi
Size: 2.0MB
MD5: 309abcad11b67d2498cf87c4e10ff30f
SHA1: 0d805a684b889846a7b00cecc0ee84c7cf93398d
SHA256: c39abdca1a31b20fe06969a36102c784df7f63847ec930dfaf8c4bd97b4558bf
SHA512: 0f0c0f4a04ae65532a7f4c197ca22c371d904a5b3055e14bd537a3c092d8b4526a597564019395ed0b05d4ffbc6d9b450a8d267de3906f88ac2d320f9c75bdd9
SSDEEP: 49152:ecS3YhW8zBQSc0ZnSKBZKumZr7AQkojSo0kzI8ZVE6VPbe:sYY0Zn3K/AQz3Tbx56
Signatures
Detects Latrodectus: Detects Latrodectus v1.4.
Latrodectus family
Blocklisted process makes network request
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
  System Binary Proxy Execution (1)
    Msiexec (1)