Latrodectus Employs New Anti-Debugging and Sandbox Evasion Techniques
Latrodectus, a new malware loader, has rapidly evolved since its discovery and may be positioned to replace IcedID.
It includes a command to download IcedID and has undergone multiple iterations, likely to evade detection.
Because new versions have appeared every few months over the past year, extracting the configuration from each version is essential for effective threat detection.
The malware’s distribution chain has remained consistent, utilizing JavaScript and MSI droppers to deliver the final DLL payload.
The payload itself has changed, with the most recent version exposing four differently named exports that all resolve to the same address and run the same core logic.
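A DLL whose exported names all resolve to one address is a cheap triage signal for a loader built this way. The following Python is an added example, not code from the article or from any Latrodectus analysis tooling: it builds a minimal constructed PE32+ image with an export table (the export names `Export1`..`Export4`, `Helper` and their RVAs are made up for the demonstration), parses the export directory with only the standard library, and groups exported names by the function RVA they point to. Forwarded exports are not handled; the check is a heuristic to prioritise samples for analysis, not a signature.

```python
import struct
from collections import defaultdict

# Constructed layout: one section mapped at RVA 0x1000, stored at file offset 0x200.
SECTION_RVA = 0x1000
SECTION_RAW = 0x200


def build_sample_pe(exports):
    """Build a minimal PE32+ DLL image containing only an export table.

    exports: list of (name, function_rva) tuples (constructed sample data).
    """
    n = len(exports)
    funcs_rva = SECTION_RVA + 40            # export directory is 40 bytes
    names_rva = funcs_rva + 4 * n
    ords_rva = names_rva + 4 * n
    strings_rva = ords_rva + 2 * n
    strings = bytearray(b"sample.dll\0")    # module name, referenced by the directory
    name_rvas = []
    for name, _ in exports:
        name_rvas.append(strings_rva + len(strings))
        strings += name.encode() + b"\0"
    export_dir = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, strings_rva, 1, n, n,
                             funcs_rva, names_rva, ords_rva)
    funcs = b"".join(struct.pack("<I", rva) for _, rva in exports)
    names = b"".join(struct.pack("<I", r) for r in name_rvas)
    ords = b"".join(struct.pack("<H", i) for i in range(n))
    payload = export_dir + funcs + names + ords + bytes(strings)
    payload += b"\0" * (-len(payload) % 0x200)   # pad to file alignment

    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)  # amd64, 1 section, DLL
    opt = bytearray(240)                          # PE32+ optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)         # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112, SECTION_RVA, len(payload))  # export directory entry
    sec = struct.pack("<8sIIIIIIHHI", b".rdata\0\0", len(payload), SECTION_RVA,
                      len(payload), SECTION_RAW, 0, 0, 0, 0, 0x40000040)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    header += b"\0" * (SECTION_RAW - len(header))
    return header + payload


def rva_to_offset(sections, rva):
    """Translate an RVA to a file offset using the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_exports(data):
    """Return [(export_name, function_rva)] from a PE's export directory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    data_dirs = opt + (112 if magic == 0x20B else 96)   # PE32+ vs PE32
    exp_rva, _exp_size = struct.unpack_from("<II", data, data_dirs)
    sections = []
    for i in range(nsec):
        _, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    if exp_rva == 0:
        return []
    off = rva_to_offset(sections, exp_rva)
    (_, _, _, _, _, _base, _nfunc, nnames,
     funcs_rva, names_rva, ords_rva) = struct.unpack_from("<IIHHIIIIIII", data, off)
    funcs_off = rva_to_offset(sections, funcs_rva)
    names_off = rva_to_offset(sections, names_rva)
    ords_off = rva_to_offset(sections, ords_rva)
    result = []
    for i in range(nnames):
        name_rva = struct.unpack_from("<I", data, names_off + 4 * i)[0]
        ordinal = struct.unpack_from("<H", data, ords_off + 2 * i)[0]
        func_rva = struct.unpack_from("<I", data, funcs_off + 4 * ordinal)[0]
        name_off = rva_to_offset(sections, name_rva)
        result.append((data[name_off:data.index(b"\0", name_off)].decode(), func_rva))
    return result


def shared_export_addresses(exports, threshold=2):
    """Group export names by target RVA; keep addresses hit by >= threshold names."""
    by_rva = defaultdict(list)
    for name, rva in exports:
        by_rva[rva].append(name)
    return {rva: names for rva, names in by_rva.items() if len(names) >= threshold}


# Constructed sample: four names on one address plus one unrelated export.
SAMPLE = build_sample_pe([("Export1", 0x2000), ("Export2", 0x2000), ("Export3", 0x2000),
                          ("Export4", 0x2000), ("Helper", 0x2400)])


def triage(data=SAMPLE):
    return shared_export_addresses(parse_exports(data))


if __name__ == "__main__":
    for rva, names in triage().items():
        print(f"{len(names)} exports share RVA {rva:#x}: {', '.join(names)}")
```

Run against a real DLL by passing its bytes to `triage()`; a hit means several exported names point at one function, which is worth a closer look alongside the other indicators the article describes, not a verdict on its own.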
The Latrodectus malware family has also changed its decryption methods, moving from PRNG-based XOR to a rolling XOR and then adopting AES-256 in CTR mode.
Additionally, it expanded its command-and-control capabilities ...
Copyright of this story solely belongs to gbhackers.