Inside the Latrodectus Malware Campaign
Oct. 21, 2024, 10:54 a.m.
Description
The Latrodectus malware campaign employs a combination of traditional phishing techniques and innovative payload delivery methods to target financial, automotive, and healthcare sectors. The attack chain begins with compromised emails containing malicious PDF or HTML attachments, which redirect users to download obfuscated JavaScript. This script then downloads and executes an MSI file, dropping a malicious 64-bit DLL in the %appdata% folder. The DLL, disguised with fake NVIDIA version information, unpacks another payload in memory and connects to a command and control server. The campaign utilizes URL shorteners, compromised domains, and well-known storage services to host malicious payloads, demonstrating a sophisticated blend of old and new tactics to evade detection.
Tags
Date
- Created: Oct. 21, 2024, 10:53 a.m.
- Published: Oct. 21, 2024, 10:53 a.m.
- Modified: Oct. 21, 2024, 10:54 a.m.
Indicators
- 617e31e9f71b365fe69719d3fc980d763e827a4f93d0e776d1587d0bfdb47674
- 3b86c9516bd5d57758ab976e32af2d7873d7ad0b0e063a49ee13c168f2c1e980
- 194.54.156.91
- https://digitalpinnaclepub.com/?3
- https://delview.com/MobileDefault.aspx?reff=https://cutt.ly/seU8MT6t#_fZ0NmW
- https://delview.com/MobileDefault.aspx?reff=https://cutt.ly/seU8MT6t#_fZ0NmW”
- http://gertioma.top/o.jpg
- http://194.54.156.91/dsa.msi
- tiguanin.com
- rilomenifis.com
- mazinom.com
- leroboy.com
- krinzhodom.com
- klemanzino.net
- isomicrotich.com
- greshunka.com
- gertioma.top
- digitalpinnaclepub.com
- delview.com
- bazarunet.com
Additional Informations
- Automotive
- Healthcare
- Finance