Extracted

• • Target

    5f4f3b0d4378171bb18896b50ec84331e5a9b68346d3489c326116cfd9855390.exe

  • Size

    13.0MB

  • MD5

    f47c4d1fe89f9177e6bcaad7a901e58b

  • SHA1

    fca0b3bc67c4566d10b4985c0423679da0a30670

  • SHA256

    5f4f3b0d4378171bb18896b50ec84331e5a9b68346d3489c326116cfd9855390

  • SHA512

    c43d9ae54a755b9d38acf7adfb81cafca61c335f3ae47fe869950c0842010b2a782c31334e56cee00b1f6d23809391b29431a96757eff39a0433581523a861a8

  • SSDEEP

    393216:GNPrMFSFWUdZakpQyvHjPXEu4nHfjw3BEmt3rK:4iSF/2gDEugwBEIO

  Score

  10^/10

  latrodectusdiscoveryloaderspyware

  • Latrodectus family

    latrodectus

  • Latrodectus loader

    Latrodectus is a loader written in C++.

    loaderlatrodectus

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2