latrodectus | 2f9875c3cfee4ef11ba1f4e554e972c7ecf3dada22b275a0b82e47debf233224 | Triage

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
06-02-2025 19:46

Sharing

Report Analysis Logs

General

Target

MaxxAudioAPO.dll
Size

2.2MB
MD5

7aabbeb2c543e814d404a8e2f752b317
SHA1

8ab69e10e7017b18dc754a0bcbb91f653b15ce4c
SHA256

2f9875c3cfee4ef11ba1f4e554e972c7ecf3dada22b275a0b82e47debf233224
SHA512

00dfbadac030148d9cefb37f66cdf4b5199f53a33893f6a1a89e183d781a18a62fbe01d7f1d154cf7f2ffb442bfe7e180594b661e17f91f7fad44601e7396118
SSDEEP

49152:gZzQqIEjvDQPOnR2mSBn/VSlsBCXHWfVyR:gYqky

Score

10^/10

latrodectus loader

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://vivaforevew.com/test/

https://wersogkiwgow.com/test/

Attributes

group
Omega
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Extracted

Family

latrodectus

aes.hex

Signatures

Latrodectus family
latrodectus
Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 928	2220	rundll32.exe	29
PID 2220 wrote to memory of 928	2220	rundll32.exe	29
PID 2220 wrote to memory of 928	2220	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MaxxAudioAPO.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2220 -s 132
  2⤵
  PID:928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2220-3-0x0000000180000000-0x0000000181CB2000-memory.dmp

Filesize
28.7MB

Download
memory/2220-4-0x0000000001E00000-0x0000000003AB1000-memory.dmp

Filesize
28.7MB

Download