latrodectus | 5842375b33d1461015322baac92a5d31e460dcc3b85e1d30d20196af96f81612

Sharing

Copy URL

Twitter E-mail

General

Target

Mal2.zip
Size

8.7MB
Sample

250316-kch1bazkv4
MD5

6fdc5ce2ecd97b33ad8b7290103674ba
SHA1

1550516201bebc1e7b1a799d89b2b397bf2348a6
SHA256

5842375b33d1461015322baac92a5d31e460dcc3b85e1d30d20196af96f81612
SHA512

fd997cb3b113df4bd71f854eb73b6e4e2e9f8d276f1d01b03516a00209eb4b5e2b0d361268cd309b109659100ff0bec4f702cd87d697e82ba3a1d21a3b868d9e
SSDEEP

196608:0jJ/lSeJUQOv6NsuJh08cwQagAuWBGjx1Rox8HUL0m:0h6bXuJq86aHuWBGjx1RoxdQm

Score

10^/10

Malware Config

Extracted

Family

lumma

https://partparcadi.shop/api

https://crosshairc.life/api

https://mrodularmall.top/api

https://jowinjoinery.icu/api

https://plegenassedk.top/api

https://htardwarehu.icu/api

https://jcjlaspcorne.icu/api

https://bugildbett.top/api

https://weaponrywo.digital/api

Extracted

Family

latrodectus

Version

1.4

https://remustarofilac.com/test/

https://horetimodual.com/test/

Attributes

group
Ferrary
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Targets

- Target
  
  Mal2/Comn.dll
- Size
  
  349KB
- MD5
  
  f76f5a566cbb5f561d26e7aca841c723
- SHA1
  
  4838fd2dd9dbfcdaf2b1f11091f15a17f93c29be
- SHA256
  
  0576fc3b0c9381c47a8a9443abdd195eebb34ece0adc5c6d17624ca0e914e8e3
- SHA512
  
  9f574f09a4c54b8e786846297fcfad7af647eb134d8e960b078a83e982ccae2956aa6c4c1014c01c7774461e31314904cb6dfc325c7a90c3e31130838beb24c0
- SSDEEP
  
  6144:OghGJtKYAMn4uXXS49wb/wNK/YgNelveftFe/vbu9/wMLm4+KqhnWlLutAONKFj2:7pYA84uscNCDeVuy4onWWaj2
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Mal2/QtCore4.dll
- Size
  
  2.3MB
- MD5
  
  03985b7b207e63b6bb894ea6ea78d92b
- SHA1
  
  0e6fc44b1f3c724e6050152d9e240a548314a6ff
- SHA256
  
  793153a9262e4c280a71ea595fe49208a89766d6d344766af0abf8c32648f3e0
- SHA512
  
  a2e9749c7d7c9745eb16b6976c6c208b3ce2ee524e958cf7c41d0d31a7fb761c4f66ad8320301c652ef4ea8128111ad9687e64f3944d40b933153d99ab8c272b
- SSDEEP
  
  49152:boSCNMaKqdxVYZEC4brbrOFxDGJsv6tWKFdu9CrTduMlhEFWLjggXiWBv:ESCsf4fb6FQJsv6tWKFdu9CVJ
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Mal2/QtGui4.dll
- Size
  
  675.9MB
- MD5
  
  eb76a5bec2a70b516d7b751a769b47f6
- SHA1
  
  494b7c3b714c1d273c48b160114acf9d3146f1df
- SHA256
  
  9f96b75058f941a718ef7b0d0604f809ef9d7fe23d1414605f015d7a5fe61d68
- SHA512
  
  e5c09dfb36fc6b52bac8609a6d29c4d73346775c233231a849a297e0e8ae00137eedebc6c606ce47e28e5f224802aa59e98cfff82cf9c9fdf4afa8366cb0b465
- SSDEEP
  
  98304:QxsOZAe0cTSFGuzhyzzJx13wQMNVZoznsO+vV:QxxZNeoAcU
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Mal2/Set-up.exe
- Size
  
  335KB
- MD5
  
  61dc7844b70f4e6ffce0ec875dcc7faf
- SHA1
  
  436a95a2135264bacaae51f6aa6a60c2ad6308c7
- SHA256
  
  6ca9becba92609d2974352a205725346c696e864d087b63ea2afabd52707fb87
- SHA512
  
  bbf2ce889e76a024b5c85b84b544608526b3a460f9751d3b2aa51a404f517705dc6d40756caa8071a65271e67791a16fb2bbbbc4d0b78c93e670c96404fba765
- SSDEEP
  
  6144:k32qf6qqDdoAZrdsTs/88TuIc4vlico6CUwtXHQgO6aFuO:k32qKRfiTKNyGFuO
Score

10^/10

lumma discovery spyware stealer latrodectus loader
- Latrodectus family
  latrodectus
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  Mal2/breast.html
- Size
  
  51KB
- MD5
  
  32b7055e66439065de5ea5c8cc51ec80
- SHA1
  
  b3af36490fc9bec19b6041221191eadf582e14b5
- SHA256
  
  467459cf4763513e74820b221770142c560620d749fcf588fad4d38bb3d15cc7
- SHA512
  
  fc9903fdeae2e21cfa58e716dbc9892f3b4de4e81286a22ae9e3a084502d161d14257690fb1f0815327ffd3140bd0fa774683a120c32a41bbb8d849b04abaa34
- SSDEEP
  
  768:2XM8+KzTjc2gqtbminV1FibevwtqhhftLEayWud/DGC/QNZU50ugfCTgccp20t7j:UpzPSqh7vRXLExvrGdC0cK77GpN+/UI
Score

4^/10

discovery
behavioral10 behavioral9
- Target
  
  Mal2/libcrypto-1_1.dll
- Size
  
  2.2MB
- MD5
  
  832205883448ab8c689d8a434d92f80b
- SHA1
  
  890c403a288c65683edbe9917b972ceb6eb7eba7
- SHA256
  
  558addae67d50612acd60a02fb29d41be61999d299348df9a225e419cc9395ed
- SHA512
  
  0c1b8b3776c14b78f9b7ac09627ca7762f62c63da489204f376519752b029951798c1ed24aed07cc660c5e54936c06560fda921e33a76e80ebab10ef97177973
- SSDEEP
  
  49152:bzbweqQy7Fx+17AOaXV8pBnK8CGS1CPwDv3uFyiWT4oEQ:HbjBy7r+7bUGnK8pS1CPwDv3uFyi2
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Mal2/libssl-1_1.dll
- Size
  
  641KB
- MD5
  
  cdbf8cd36924ffb81b19487746f7f18e
- SHA1
  
  781190c5a979359054ce56ceef714a8f5384cfbb
- SHA256
  
  0813c77df688b39f26bad0be2b3e4afde13e97d9a1ebcbdb3b1f4184218d1a57
- SHA512
  
  ca43450e853b3c74808ad199abe329ac2a2d7ae2e84c17fb467374c22ec9620fb102c75889e279e2d28f0ebd14d8bafafe700241ba4141fd64b4801802a3d474
- SSDEEP
  
  12288:gS8b77+Zdm6b8nU2j64YEc9zYe5ZLKTedJHs8AO6yzBK:gSb9B8TedJHQO68K
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Mal2/msvcp80.dll
- Size
  
  536KB
- MD5
  
  272a9e637adcaf30b34ea184f4852836
- SHA1
  
  6de8a52a565f813f8ac7362e0c8ba334b680f8f8
- SHA256
  
  35b15b78c31111db4fa11d9c9cad3a6f22c92daa5e6f069dc455e72073266cc4
- SHA512
  
  f1f04a84d25a74bb1cf6285ef705f092a08e93d39df569f6badc45b8722d496bbbef02b4e19f76a0332e3842945506c2c12ad61fe34f339bb91f49b8d112cd52
- SSDEEP
  
  12288:jZY4lOHMwLwXBt+iak8txUa/hUgiW6QR7t5j3Ooc8NHkC2em:jZY4lOHMM8wix8tBj3Ooc8NHkC2e
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Mal2/msvcr80.dll
- Size
  
  612KB
- MD5
  
  43143abb001d4211fab627c136124a44
- SHA1
  
  edb99760ae04bfe68aaacf34eb0287a3c10ec885
- SHA256
  
  cb8928ff2faf2921b1eddc267dce1bb64e6fee4d15b68cd32588e0f3be116b03
- SHA512
  
  ced96ca5d1e2573dbf21875cf98a8fcb86b5bcdca4c041680a9cb87374378e04835f02ab569d5243608c68feb2e9b30ffe39feb598f5081261a57d1ce97556a6
- SSDEEP
  
  12288:mxzh9hH5RVKTp0G+vFhr46CI600yZmGyYG:mph9hHzVKOpt6MmGyY
Score

3^/10

discovery
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Latrodectus family

Latrodectus loader

Lumma Stealer, LummaC

Lumma family

Accesses cryptocurrency files/wallets, possible credential harvesting

Downloads MZ/PE file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18