Malware Analysis Report

2025-05-28 17:23

Sample ID 250517-1qestahj6z
Target libcef.dll
SHA256 69af1d10dd1dacae362ab8fd4e5bcc97ddb363cdeb06a4bf1bc3db4dfc68b1e1
Tags
latrodectus loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

69af1d10dd1dacae362ab8fd4e5bcc97ddb363cdeb06a4bf1bc3db4dfc68b1e1

Threat Level: Known bad

The file libcef.dll was found to be: Known bad.

Malicious Activity Summary

latrodectus loader

Latrodectus family

Latrodectus loader

Blocklisted process makes network request

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-05-17 21:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-17 21:50

Reported

2025-05-17 22:06

Platform

win10v2004-20250502-en

Max time kernel

681s

Max time network

791s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1

Signatures

Latrodectus family

latrodectus

Latrodectus loader

loader latrodectus

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 2.18.27.82:443 www.bing.com tcp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 daringdesigners.com udp
US 172.67.150.179:443 daringdesigners.com tcp
US 8.8.8.8:53 domtrst455.com udp
US 104.21.45.217:443 domtrst455.com tcp
US 172.67.150.179:443 daringdesigners.com tcp
US 104.21.45.217:443 domtrst455.com tcp

Files

memory/4856-0-0x00000173C3E80000-0x00000173C5B32000-memory.dmp

memory/4856-3-0x00000173C3E80000-0x00000173C5B32000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-05-17 21:50

Reported

2025-05-17 22:06

Platform

win11-20250502-en

Max time kernel

678s

Max time network

789s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1

Signatures

Latrodectus family

latrodectus

Latrodectus loader

loader latrodectus

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcef.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 daringdesigners.com udp
US 172.67.150.179:443 daringdesigners.com tcp
US 172.67.219.126:443 domtrst455.com tcp
US 172.67.150.179:443 daringdesigners.com tcp
US 172.67.219.126:443 domtrst455.com tcp

Files

memory/2100-2-0x000001D3958D0000-0x000001D397582000-memory.dmp

memory/2100-0-0x000001D3958D0000-0x000001D397582000-memory.dmp