Latrodectus Rapid Evolution Continues With Latest New Payload Features

Aug. 30, 2024, 8:37 a.m.

Description

This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The report examines the obfuscation techniques used, the deobfuscation process, the C2 communication, and the new commands introduced.

Date

Published: Aug. 30, 2024, 8:10 a.m.
Created: Aug. 30, 2024, 8:10 a.m.
Modified: Aug. 30, 2024, 8:37 a.m.

Indicators


Attack Patterns

Latrodectus

IcedID - S0483

T1207

T1569.002

T1497.002

T1497.001

T1059.007

T1071.001

T1105

T1033

T1027