latrodectus | c0c17a2d3ad170ba6b60096b7966d954bdab9fd8c333d7727e74e2b2f927fcc8 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
06/02/2025, 22:33

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Win64.Evo-gen.16007.19374.dll
Size

2.2MB
MD5

a8b2af15cfc2fb0259459412e55334e2
SHA1

38ce03bbe014489f40aaaa863f88fe4f8d299030
SHA256

c0c17a2d3ad170ba6b60096b7966d954bdab9fd8c333d7727e74e2b2f927fcc8
SHA512

539c0b2b7a076714a8cfa75a0b63bd0b917711b7bc5cff7e87684cc0bd0c8ec5e995c6f0c6b159b86ce1166e1254411cb9e635170447bd214c96f7e902e3ea64
SSDEEP

49152:/ZzQqIEjvDQPOnR5mSBn/VSlsBzXHWtSyZS:/YcxyZ

Score

10^/10

latrodectus loader

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://apworsindos.com/test/

https://reminasolirol.com/test/

Attributes

group
Mimikast
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Extracted

Family

latrodectus

aes.hex

Signatures

Latrodectus family
latrodectus
Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 3048	1832	rundll32.exe	30
PID 1832 wrote to memory of 3048	1832	rundll32.exe	30
PID 1832 wrote to memory of 3048	1832	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16007.19374.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1832 -s 128
  2⤵
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1832-1-0x0000000180000000-0x0000000181CB2000-memory.dmp

Filesize
28.7MB

Download
memory/1832-4-0x0000000001F60000-0x0000000003C11000-memory.dmp

Filesize
28.7MB

Download