latrodectus | 6de97fe83fc092ce6fca39c541badcd7e0747ed561d32477f0774e6b29b51ea9 | Triage

Sharing

General

Target

6de97fe83fc092ce6fca39c541badcd7e0747ed561d32477f0774e6b29b51ea9.exe
Size

2.2MB
Sample

250216-pr56lsyjby
MD5

0e5fa4a35f567fc75309b2f51e01902c
SHA1

11d997428a3ef76bca7ebf30a09157b9f21b810a
SHA256

6de97fe83fc092ce6fca39c541badcd7e0747ed561d32477f0774e6b29b51ea9
SHA512

c0ba671f8d0a872bc0e0270536906e23ffd9f258baa1a9d0a9a1c50be50adcbf2b861020b381c34e01b71abad16e146f63b8c6fa4d4ea9c965cca5f57ce5c795
SSDEEP

49152:gZzQqIEjvDQPOnR2mSBn/VSlsBCXHWfVyRM:gYqky+

Score

10^/10

latrodectus discovery loader

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://vivaforevew.com/test/

https://wersogkiwgow.com/test/

Attributes

group
Omega
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Extracted

Family

latrodectus

aes.hex

Targets

- Target
  
  6de97fe83fc092ce6fca39c541badcd7e0747ed561d32477f0774e6b29b51ea9.exe
- Size
  
  2.2MB
- MD5
  
  0e5fa4a35f567fc75309b2f51e01902c
- SHA1
  
  11d997428a3ef76bca7ebf30a09157b9f21b810a
- SHA256
  
  6de97fe83fc092ce6fca39c541badcd7e0747ed561d32477f0774e6b29b51ea9
- SHA512
  
  c0ba671f8d0a872bc0e0270536906e23ffd9f258baa1a9d0a9a1c50be50adcbf2b861020b381c34e01b71abad16e146f63b8c6fa4d4ea9c965cca5f57ce5c795
- SSDEEP
  
  49152:gZzQqIEjvDQPOnR2mSBn/VSlsBCXHWfVyRM:gYqky+
Score

10^/10

latrodectus loader discovery
- Latrodectus family
  latrodectus
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latrodectusloader

behavioral2

latrodectusdiscoveryloader