Inside the Latrodectus Malware Campaign

The Latrodectus malware campaign combines traditional phishing with newer payload-delivery techniques to target the financial, automotive, and healthcare sectors. The attack chain begins with compromised emails carrying malicious PDF or HTML attachments that redirect the recipient to download obfuscated JavaScript. That script downloads and executes an MSI installer, which drops a malicious 64-bit DLL in the %appdata% folder. The DLL, carrying fake NVIDIA version information to look legitimate, unpacks a further payload in memory and connects to a command-and-control server. Payloads are hosted behind URL shorteners, on compromised domains, and on well-known storage services, a blend of old and new tactics intended to evade detection.

Author: AlienVault
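As an added detection example (not part of the pulse, and not AlienVault's code), the following Python sweeps a directory such as %appdata% for files whose SHA-1 or MD5 matches the indicators listed below, and checks DNS-style log lines against the pulse's domains, including subdomains while rejecting look-alike suffixes. The log line format and sample lines are constructed for the example, and the set of file extensions scanned is an assumption drawn from the described chain (JS, MSI, DLL).

```python
"""IOC sweep for the Latrodectus pulse: hash dropped files and match log hostnames."""
import hashlib
import os
from pathlib import Path

# Indicators taken from the pulse: SHA-1 and MD5 of dropped files, and C2/staging domains.
SHA1_IOCS = {
    "35a990c3be798108c9d12a47f4a028468ea6095b",
    "71e99a21ffa29e1e391811f5a3d04dcbb9cf0949",
    "9361621490915ebb919b79c6101874f03e4e51bc",
    "881993bcb37aa9504249271b7559addc0c633f09",
    "7474873629399ee5fdd984c99b705e0490ab8707",
}
MD5_IOCS = {"9fbff5e231c2cad8612ad112e1bb78ea"}
DOMAIN_IOCS = {"krinzhodom.com", "isomicrotich.com", "tiguanin.com"}

# Constructed sample DNS log (hypothetical "<timestamp> <client> <query>" format), not from the pulse.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 www.example.com
2024-05-01T10:00:05Z 10.0.0.12 cdn.tiguanin.com
2024-05-01T10:00:09Z 10.0.0.31 KRINZHODOM.COM.
2024-05-01T10:00:13Z 10.0.0.31 nottiguanin.com
"""


def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha1) hex digests of a file, streaming it in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def scan_directory(root, sha1_iocs=SHA1_IOCS, md5_iocs=MD5_IOCS,
                   suffixes=(".js", ".msi", ".dll")):
    """Hash every file under root with a dropper/payload extension (assumed set) and return IOC hits."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        try:
            md5, sha1 = hash_file(path)
        except OSError:  # locked or unreadable file; skip rather than abort the sweep
            continue
        if sha1 in sha1_iocs:
            hits.append((str(path), "sha1", sha1))
        elif md5 in md5_iocs:
            hits.append((str(path), "md5", md5))
    return hits


def normalize_host(host):
    """Lower-case and strip the trailing dot of a fully-qualified query name."""
    return host.rstrip(".").lower()


def match_domains(log_text, domain_iocs=DOMAIN_IOCS):
    """Return (line_no, ioc_domain) for queries equal to, or a subdomain of, an IOC domain.

    Matching on "." + ioc avoids false positives such as nottiguanin.com.
    """
    matches = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3:
            continue
        host = normalize_host(fields[2])
        for ioc in domain_iocs:
            if host == ioc or host.endswith("." + ioc):
                matches.append((line_no, ioc))
                break
    return matches


if __name__ == "__main__":
    for hit in match_domains(SAMPLE_DNS_LOG):
        print("domain hit:", hit)
    for hit in scan_directory(os.environ.get("APPDATA", ".")):
        print("file hit:", hit)
```

Run it on a host to sweep %APPDATA% (or the current directory elsewhere); feed real resolver or proxy logs to `match_domains` after adjusting the field index to your log format. Hash matching only catches the exact samples listed here, so treat a clean result as absence of these specific files, not absence of Latrodectus.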

Related Tags:
activex

dll

T1102.002

LATRODECTUS

T1218.011

automotive

IcedID – S0483

T1059.007

MSI

Associated Indicators:
35A990C3BE798108C9D12A47F4A028468EA6095B

71E99A21FFA29E1E391811F5A3D04DCBB9CF0949

9361621490915EBB919B79C6101874F03E4E51BC

881993BCB37AA9504249271B7559ADDC0C633F09

7474873629399EE5FDD984C99B705E0490AB8707

9FBFF5E231C2CAD8612AD112E1BB78EA

krinzhodom.com

isomicrotich.com

tiguanin.com