Inside the Latrodectus Malware Campaign
Oct. 21, 2024, 10:54 a.m.
Description
The Latrodectus malware campaign employs a combination of traditional phishing techniques and innovative payload delivery methods to target financial, automotive, and healthcare sectors. The attack chain begins with compromised emails containing malicious PDF or HTML attachments, which redirect users to download obfuscated JavaScript. This script then downloads and executes an MSI file, dropping a malicious 64-bit DLL in the %appdata% folder. The DLL, disguised with fake NVIDIA version information, unpacks another payload in memory and connects to a command and control server. The campaign utilizes URL shorteners, compromised domains, and well-known storage services to host malicious payloads, demonstrating a sophisticated blend of old and new tactics to evade detection.
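The attack chain above leaves network and host artifacts that line up with the indicators listed further down this record (download hosts, the C2 IP and the DLL/MSI hashes). As an added defender-side example that is not part of the original record, the script below normalises those indicators and checks them against a few constructed proxy, DNS and EDR log lines; the log format and the `EXAMPLE` short-link path are assumptions made for illustration, and subdomain matching (a host under a listed domain counts as a hit) is a design choice of this example rather than something the record states.

```python
"""Match the Latrodectus indicators from this record against log lines.

Added example, not part of the original record. The log lines in LOGS are
constructed; only the indicator values are taken from the record itself.
"""
import re
from urllib.parse import urlparse

# Indicators copied from the record.
INDICATOR_HASHES = {
    "617e31e9f71b365fe69719d3fc980d763e827a4f93d0e776d1587d0bfdb47674",
    "3b86c9516bd5d57758ab976e32af2d7873d7ad0b0e063a49ee13c168f2c1e980",
}
INDICATOR_IPS = {"194.54.156.91"}
INDICATOR_URLS = {
    "https://digitalpinnaclepub.com/?3",
    "http://gertioma.top/o.jpg",
    "http://194.54.156.91/dsa.msi",
}
INDICATOR_DOMAINS = {
    "tiguanin.com", "rilomenifis.com", "mazinom.com", "leroboy.com",
    "krinzhodom.com", "klemanzino.net", "isomicrotich.com", "greshunka.com",
    "gertioma.top", "digitalpinnaclepub.com", "delview.com", "bazarunet.com",
}


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL (no port), or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def build_watchlist(domains, urls, ips) -> set:
    """Collapse domain, URL and IP indicators into one set of hostnames."""
    hosts = {d.lower() for d in domains} | set(ips)
    hosts |= {host_of(u) for u in urls if host_of(u)}
    return hosts


WATCHED_HOSTS = build_watchlist(INDICATOR_DOMAINS, INDICATOR_URLS, INDICATOR_IPS)

URL_RE = re.compile(r"https?://[^\s\"']+")
HOST_RE = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")  # bare domains / IPs
HASH_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")


def host_matches(host: str) -> bool:
    """Exact hit, or a subdomain of a listed domain (assumption of this example)."""
    host = host.lower().rstrip(".")
    return host in WATCHED_HOSTS or any(host.endswith("." + d) for d in WATCHED_HOSTS)


def scan_line(line: str) -> list:
    """Return (kind, value) hits for one log line."""
    hits = []
    # URLs first: the shortener redirect in the record embeds a second URL in
    # the query string, so the host is taken from the outer URL only.
    for url in URL_RE.findall(line):
        h = host_of(url)
        if h and host_matches(h):
            hits.append(("host", h))
    # Then bare hostnames / IPs outside any URL (e.g. DNS query logs).
    rest = URL_RE.sub(" ", line)
    for tok in HOST_RE.findall(rest):
        if host_matches(tok):
            hits.append(("host", tok.lower()))
    # File hashes reported by an endpoint agent.
    for h in HASH_RE.findall(line):
        if h.lower() in INDICATOR_HASHES:
            hits.append(("hash", h.lower()))
    return hits


def scan_logs(lines) -> list:
    """Return (line_index, kind, value) for every indicator hit."""
    return [(i, kind, val) for i, line in enumerate(lines) for kind, val in scan_line(line)]


# Constructed log lines for illustration (not from the record).
LOGS = [
    "2024-10-21T10:12:03Z proxy user=alice GET https://delview.com/MobileDefault.aspx?reff=https://cutt.ly/EXAMPLE 200",
    "2024-10-21T10:12:07Z dns query=update.gertioma.top type=A",
    "2024-10-21T10:12:09Z proxy user=bob GET http://194.54.156.91/dsa.msi 200",
    "2024-10-21T10:13:00Z edr file=C:\\Users\\bob\\AppData\\Roaming\\nv.dll sha256=617e31e9f71b365fe69719d3fc980d763e827a4f93d0e776d1587d0bfdb47674",
    "2024-10-21T10:14:00Z proxy user=carol GET https://example.org/index.html 200",
]

if __name__ == "__main__":
    for idx, kind, val in scan_logs(LOGS):
        print(f"line {idx}: {kind} indicator hit -> {val}")
```

The redirect indicator in the record is a good illustration of why URLs are parsed rather than substring-matched: the `reff=` parameter carries a second URL, and only the outer host (`delview.com`) is the one to alert on.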
Date
Published: Oct. 21, 2024, 10:53 a.m.
Created: Oct. 21, 2024, 10:53 a.m.
Modified: Oct. 21, 2024, 10:54 a.m.
Indicators
617e31e9f71b365fe69719d3fc980d763e827a4f93d0e776d1587d0bfdb47674
3b86c9516bd5d57758ab976e32af2d7873d7ad0b0e063a49ee13c168f2c1e980
194.54.156.91
https://digitalpinnaclepub.com/?3
https://delview.com/MobileDefault.aspx?reff=https://cutt.ly/seU8MT6t#_fZ0NmW
http://gertioma.top/o.jpg
http://194.54.156.91/dsa.msi
tiguanin.com
rilomenifis.com
mazinom.com
leroboy.com
krinzhodom.com
klemanzino.net
isomicrotich.com
greshunka.com
gertioma.top
digitalpinnaclepub.com
delview.com
bazarunet.com
Attack Patterns
Latrodectus
IcedID - S0483
Latrodectus
T1102.002
T1218.011
T1059.001
T1547.001
T1059.007
T1071.001
T1105
T1204
T1140
T1027
T1566
Additional Information
Automotive
Healthcare
Finance