latrodectus | 5d346e5eae36f10e4d966fec7d85416a8c9cbeedf72933dbbc6ad81d0d221ac6

Analysis

max time kernel
103s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 14:11

Target

napcrypt.dll
Size

2.7MB
MD5

6a8f186493ab6e188655ffc78b602f13
SHA1

7457b597c1674c26d4f6186159181548ffa7a61b
SHA256

5d346e5eae36f10e4d966fec7d85416a8c9cbeedf72933dbbc6ad81d0d221ac6
SHA512

af28676205819697ce36a605436a3b24c63020cebe6197486d86759f2bee4b3a2508154b9dd2184a56898830d8039a1aa7b8aa7ab7e0ce1acb9793e3160569cd
SSDEEP

49152:EjZMJvHBps+E2UVASA6+HGC/eqSqmO2mXWxVpSSiuMz5coGhiJ5rik8bKtXP:MM9MO2NFU5cokiJywX

Score

10^/10

Family

latrodectus

Version

1.4

https://forefilarem.com/test/

https://grazafnulp.com/test/

aes.hex

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

resource	yara_rule
behavioral2/memory/3764-1-0x000001CE3E830000-0x000001CE3E845000-memory.dmp	family_latrodectus_1_4

Latrodectus family
latrodectus
Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\napcrypt.dll,#1
1⤵
PID:3764

memory/3764-0-0x00007FFA9718F000-0x00007FFA97190000-memory.dmp

Filesize
4KB

Download
memory/3764-1-0x000001CE3E830000-0x000001CE3E845000-memory.dmp

Filesize
84KB

Download
memory/3764-4-0x00007FFA96F00000-0x00007FFA971C5000-memory.dmp

Filesize
2.8MB

Download
memory/3764-5-0x00007FFA9718F000-0x00007FFA97190000-memory.dmp

Filesize
4KB

Download
memory/3764-6-0x00007FFA96F00000-0x00007FFA971C5000-memory.dmp

Filesize
2.8MB

Download