Overview

overview

10

Static

static

3

018150d42e...d1.exe

windows7-x64

10

018150d42e...d1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21353997216.zip

  • Size

    4.4MB

  • Sample

    250212-zq1jvaxqgj

  • MD5

    57a40c249121b583364eb43797831f90

  • SHA1

    09e2b8fec496e9b4cc82adfd3d515e423783a258

  • SHA256

    b1bd09509b474c5e4d8a652e27dfd37113ee64a238e696dd25d4c9a78f4c9b26

  • SHA512

    7d63356efe16611a243160e61640210002c7d480516490373d5e2e402b7ff45ee4e5ccfa9dad3e07f18da26291517eebbdad3905d9f6d21799106241e4c5f839

  • SSDEEP

    98304:/hfl6VurpNbT+SoBwk0dKCl6tqcW+hTenUvYG3WUhpbaPU:JAur3T+SoazdnlojTkUvr3YU

Score
10/10
latrodectusdiscoveryloader

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://piloferstaf.com/test/

https://ypredoninen.com/test/
Attributes
  • group

    Sigma

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Extracted

Family

latrodectus

aes.hex

Targets

    • Target

      018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1

    • Size

      8.8MB

    • MD5

      028903c61dc62459f4241124b7ce3e8d

    • SHA1

      65beb2be5d0cac1f246f43dfe3bbfd2124919137

    • SHA256

      018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1

    • SHA512

      fc616aad411d0dafdde18b2b9dd78978cfe3cb10fc7932928eed528b16a425d96f82b995cdb3c3258370c5a25402eaf5220e6d2e39a52fafb95ab68fd2dc5a00

    • SSDEEP

      196608:7cC8osdUCWzpt8iSjiTF6pS7MO8Q6gLawggMNr2ieZMpbfn:7clFPWzpt8iSqopS7MO8Q6gLawOyiQM5

    Score
    10/10
    latrodectusloaderdiscovery

    • Latrodectus family

      latrodectus

    • Latrodectus loader

      Latrodectus is a loader written in C++.

      loaderlatrodectus

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks