latrodectus | de56b90b222c4f01351771e01e82a4d815a837d798e6ba2cb6d68ca34233f8c2 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
06-02-2025 18:57

Sharing

Report Analysis Logs

General

Target

fxghx5.dll
Size

2.2MB
MD5

6fa3404dcd5a4dd732f36f59dd24405f
SHA1

3a6134c4837c8616bbce00c0064436483ffde8e2
SHA256

de56b90b222c4f01351771e01e82a4d815a837d798e6ba2cb6d68ca34233f8c2
SHA512

d1440bc92411885597c64fa9a6c152a9276a2f615c02956ac67814d9000cd8c66ed976126d12c603aa20c748700e14b5dc9272548e2683add9a3e72992d10099
SSDEEP

49152:/ZzQqIEjvDQPOnR5mSBn/VSlsBzXHWtSyZS:/YcxyZ

Score

10^/10

latrodectus loader

Malware Config

Extracted

Family

latrodectus

aes.hex

Extracted

Family

latrodectus

Version

1.4

C2

https://apworsindos.com/test/

https://reminasolirol.com/test/

Attributes

group
Mimikast
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Signatures

Latrodectus family
latrodectus
Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2456	2856	rundll32.exe	30
PID 2856 wrote to memory of 2456	2856	rundll32.exe	30
PID 2856 wrote to memory of 2456	2856	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fxghx5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2856 -s 132
  2⤵
  PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2856-4-0x0000000001C00000-0x00000000038B1000-memory.dmp

Filesize
28.7MB

Download
memory/2856-3-0x0000000180000000-0x0000000181CB2000-memory.dmp

Filesize
28.7MB

Download