latrodectus | 018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1 | Triage

Sharing

General

Target

018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1
Size

8.8MB
Sample

250317-kpdalavyht
MD5

028903c61dc62459f4241124b7ce3e8d
SHA1

65beb2be5d0cac1f246f43dfe3bbfd2124919137
SHA256

018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1
SHA512

fc616aad411d0dafdde18b2b9dd78978cfe3cb10fc7932928eed528b16a425d96f82b995cdb3c3258370c5a25402eaf5220e6d2e39a52fafb95ab68fd2dc5a00
SSDEEP

196608:7cC8osdUCWzpt8iSjiTF6pS7MO8Q6gLawggMNr2ieZMpbfn:7clFPWzpt8iSqopS7MO8Q6gLawOyiQM5

Score

10^/10

latrodectus loader

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://piloferstaf.com/test/

https://ypredoninen.com/test/

Attributes

group
Sigma
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Extracted

Family

latrodectus

aes.hex

Targets

- Target
  
  018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1
- Size
  
  8.8MB
- MD5
  
  028903c61dc62459f4241124b7ce3e8d
- SHA1
  
  65beb2be5d0cac1f246f43dfe3bbfd2124919137
- SHA256
  
  018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1
- SHA512
  
  fc616aad411d0dafdde18b2b9dd78978cfe3cb10fc7932928eed528b16a425d96f82b995cdb3c3258370c5a25402eaf5220e6d2e39a52fafb95ab68fd2dc5a00
- SSDEEP
  
  196608:7cC8osdUCWzpt8iSjiTF6pS7MO8Q6gLawggMNr2ieZMpbfn:7clFPWzpt8iSqopS7MO8Q6gLawOyiQM5
Score

10^/10

latrodectus loader
- Latrodectus family
  latrodectus
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

latrodectusloader

behavioral2

latrodectusloader