General

  • Target

    malware.zip

  • Size

    1.9MB

  • Sample

    250411-zqgfzaztgs

  • MD5

    0b7051d3a5dfd3859ec71fecb05a72fb

  • SHA1

    a065a3c5304dc03c21818dca9f5ef61cb6475b4d

  • SHA256

    f564b664a153484d9a9903806e9b8d057cda6360f105cafa32690353f492a36e

  • SHA512

    68986b559734562c65c199661a2ebb16c61e32f32896f2bebc508b790ba926a08a86840f057e9d9f81e3f7c976445eb988c482a521adda2006dd64c175f48103

  • SSDEEP

    49152:1wPxOFcTgm3WMLbM127KzIeMNNzOnrJK0cA/ldaXx:yZFTL3WMvM12BeMNl+NK0vldaXx

Score
10/10

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://porelinofigoventa.com/test/

https://rofleratom.com/test/

aes.hex

Targets

    • Target

      mallware/-2019376703.dll

    • Size

      1.4MB

    • MD5

      deacf3ec44812b9c1a1e9901faf80998

    • SHA1

      1c07ef28e9285699d64de609542868545c698da4

    • SHA256

      3d8d690978d63252b9799fcd632203f111c95e0c148ebb932988761fb07c3715

    • SHA512

      42f385985b5e3093acb2a6787ecbe03945126e9b9000a6af620c9e70784563980bfc23c0072380670a08fabae1c5448d0c42a4096589a0af0341de3f2c71532e

    • SSDEEP

      24576:0EhSRMgPAxBoZYd3DOYQG0AVuHf2fkEmr88CxUsWgyEeghRMr2KyTKOMX:0EhS0xBoZYd3SYQG0AVEf2fkEmrdCxaX

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      mallware/libcef.dll

    • Size

      2.8MB

    • MD5

      d15e669440bcf98988840d6cad890aea

    • SHA1

      3ec5c7e8e8b1eac27f19949fa3050e398ba9ffdf

    • SHA256

      07caefa61d9a84725281f45859b9958ffa65f55f7f10d264aed60cf714ab82b5

    • SHA512

      892bf13dac3f62d15cc56213b8f20c0160f5a7127a725094abd6a555b645b53151c305552628b0aa67dc38cd361383f02fd4be31857b7ce09db8c07a0f22ecdc

    • SSDEEP

      49152:ut+oiS/938wIiAJXt6UGm97iUjHxlVQljUEiBRj6CmssE1Gd5o1nLz6:uGb5VhHmssvd6z6

    Score
    10/10
    • Detects Latrodectus

      Detects Latrodectus v1.4.

    • Latrodectus family

    • Latrodectus loader

      Latrodectus is a loader written in C++.

MITRE ATT&CK Matrix

Tasks