Latrodectus Rapid Evolution Continues With Latest New Payload Features
Aug. 30, 2024, 8:37 a.m.
Description
This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The report examines the obfuscation techniques used, the deobfuscation process, the C2 communication, and the new commands introduced.
Date
Published: Aug. 30, 2024, 8:10 a.m.
Created: Aug. 30, 2024, 8:10 a.m.
Modified: Aug. 30, 2024, 8:37 a.m.
Indicators
Attack Patterns
Latrodectus
IcedID - S0483
T1207
T1569.002
T1497.002
T1497.001
T1059.007
T1071.001
T1105
T1033
T1027