Overview

overview

10

Static

static

1

neuro.msi

windows7-x64

8

neuro.msi

windows10-2004-x64

6

neuro.msi

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    neuro.msi

  • Size

    1.8MB

  • Sample

    240627-xf436sveja

  • MD5

    3645512add0c8cb24a88d2ffe3fe7620

  • SHA1

    66dbfe6ffc1918f51b28af1abf55df0d1beaefe6

  • SHA256

    d71bfab9cca5df6a28e12ba51fe5eaf0f9151514b3fd363264513347a8c5cf3a

  • SHA512

    85151258ccb3b590716aed87c4a6a24ba74931aab0b378e279d9ab510fce94dfd26632d8ba44975e8136b1a9cc6c190e64c8b223f5f5e4f5b9cb3c6fb4a9429c

  • SSDEEP

    49152:/YM3YuW8zBQSc0ZnSKYZKumZr7AH6odeQCC:bY90ZniK/AHHdvCC

Score
10/10
latrodectusloaderpersistenceprivilege_escalation

Malware Config

Extracted

Family

latrodectus

C2

https://finjuiceer.com/live/

https://trymeakafr.com/live/

Targets

    • Target

      neuro.msi

    • Size

      1.8MB

    • MD5

      3645512add0c8cb24a88d2ffe3fe7620

    • SHA1

      66dbfe6ffc1918f51b28af1abf55df0d1beaefe6

    • SHA256

      d71bfab9cca5df6a28e12ba51fe5eaf0f9151514b3fd363264513347a8c5cf3a

    • SHA512

      85151258ccb3b590716aed87c4a6a24ba74931aab0b378e279d9ab510fce94dfd26632d8ba44975e8136b1a9cc6c190e64c8b223f5f5e4f5b9cb3c6fb4a9429c

    • SSDEEP

      49152:/YM3YuW8zBQSc0ZnSKYZKumZr7AH6odeQCC:bY90ZniK/AHHdvCC

    Score
    10/10
    persistenceprivilege_escalationlatrodectusloader

    • Latrodectus loader

      Latrodectus is a loader written in C++.

      loaderlatrodectus

    • Detect larodectus Loader variant 2

      loader

    • Blocklisted process makes network request

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks