{
	"id": "7a42f382-4c59-4dd5-b26b-a20298f9fc43",
	"created_at": "2026-04-06T00:21:10.936396Z",
	"updated_at": "2026-04-10T13:11:38.79748Z",
	"deleted_at": null,
	"sha1_hash": "11a95cd8ce4fc1bd70274d53640e091c498a54b3",
	"title": "Latrodectus",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36308,
	"plain_text": "Latrodectus\r\nPublished: 2024-09-30 · Archived: 2026-04-05 23:05:54 UTC\r\n0x1400109f8: {\r\n0x140010a10: \"pid\":\r\n0x140010a30: \"%d\",\r\n0x140010a50: \"proc\":\r\n0x140010a70: \"%s\",\r\n0x140010a90: \"subproc\": [\r\n0x140010ab8: ]\r\n0x140010ad0: }\r\n0x140010c00: \u0026desklinks=[\r\n0x140010c28: *.*\r\n0x140010c48: \"%s\"\r\n0x140010c68: ]\r\n0x140010ae8: \u0026proclist=[\r\n0x140010b10: {\r\n0x140010b28: \"pid\":\r\n0x140010b48: \"%d\",\r\n0x140010b68: \"proc\":\r\n0x140010b88: \"%s\",\r\n0x140010ba8: \"subproc\": [\r\n0x140010bd0: ]\r\n0x140010be8: }\r\n0x140010000: /c ipconfig /all\r\n0x140010070: C:\\Windows\\System32\\cmd.exe\r\n0x140010038: /c systeminfo\r\n0x1400100c0: C:\\Windows\\System32\\cmd.exe\r\n0x140010110: /c nltest /domain_trusts\r\n0x140010190: C:\\Windows\\System32\\cmd.exe\r\n0x1400101e0: /c nltest /domain_trusts /all_trusts\r\n0x140010240: C:\\Windows\\System32\\cmd.exe\r\n0x140010290: /c net view /all /domain\r\n0x140010300: C:\\Windows\\System32\\cmd.exe\r\n0x140010158: /c net view /all\r\n0x140010350: C:\\Windows\\System32\\cmd.exe\r\n0x1400103a0: /c net group \"Domain Admins\" /domain\r\n0x140010400: C:\\Windows\\System32\\cmd.exe\r\n0x140010450: /Node:localhost /Namespace:\\\\root\\SecurityCenter2 Path AntiVirusProduct Get * /Format:Li\r\n0x140010520: C:\\Windows\\System32\\wbem\\wmic.exe\r\n0x140010580: /c net config workstation\r\n0x1400105d0: C:\\Windows\\System32\\cmd.exe\r\n0x140010620: /c wmic.exe /node:localhost /namespace:\\\\root\\SecurityCenter2 path AntiVirusProduct Get\r\nhttps://research.openanalysis.net/latrodectus/config/emulation/2024/09/30/latrodectus.html\r\nPage 1 of 3\n\n0x140010780: C:\\Windows\\System32\\cmd.exe\r\n0x1400107d0: /c whoami /groups\r\n0x140010810: C:\\Windows\\System32\\cmd.exe\r\n0x1400102d8: \u0026ipconfig=\r\n0x140010860: \u0026systeminfo=\r\n0x140010888: \u0026domain_trusts=\r\n0x1400108b0: \u0026domain_trusts_all=\r\n0x1400108e0: \u0026net_view_all_domain=\r\n0x140010910: \u0026net_view_all=\r\n0x140010938: \u0026net_group=\r\n0x140010960: \u0026wmic=\r\n0x140010980: \u0026net_config_ws=\r\n0x1400109a8: \u0026net_wmic_av=\r\n0x1400109d0: \u0026whoami_group=\r\n0x140010cb0: Custom_update\r\n0x140010c80: Update_%x\r\n0x140010ce8: .dll\r\n0x140010d08: .exe\r\n0x140010d28: Updater\r\n0x140010d50: \"%s\"\r\n0x140010d70:\r\n0x140010d88: rundll32.exe\r\n0x140010db8: \"%s\", %s %s\r\n0x140010df0: runnung\r\n0x140010e18: :wtfbbq\r\n0x140010f98: front\r\n0x140010fb8: /files/\r\n0x140010fd8: .exe\r\n0x140010e70: %d\r\n0x140010e90: %s%s\r\n0x140010eb0: files/bp.dat\r\n0x140010ed8: %s\\%d.dll\r\n0x140010f08: %d.dat\r\n0x140010f30: %s\\%s\r\n0x140010f58: init -zzzz=\"%s\\%s\"\r\n0x140010e48: %s/%s\r\n0x140010ff8: Wiski\r\n0x140011018: .exe\r\n0x140011120: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)\r\n0x1400111b0: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)\r\n0x140011060: Content-Type: application/x-www-form-urlencoded\r\n0x1400110a8: POST\r\n0x1400110c8: GET\r\n0x140011250: CLEARURL\r\n0x140011270: URLS\r\n0x140011290: COMMAND\r\n0x1400112b0: ERROR\r\nhttps://research.openanalysis.net/latrodectus/config/emulation/2024/09/30/latrodectus.html\r\nPage 2 of 3\n\n0x1400112d0: 2sDbsEUXvhgLOO4Irt8AF6el3jJ0M1MowXyao00Nn6ZUjtjXwb\r\n0x140011320: counter=%d\u0026type=%d\u0026guid=%s\u0026os=%d\u0026arch=%d\u0026username=%s\u0026group=%lu\u0026ver=%d.%d\u0026up=%d\u0026direction\r\n0x1400113a0: counter=%d\u0026type=%d\u0026guid=%s\u0026os=%d\u0026arch=%d\u0026username=%s\u0026group=%lu\u0026ver=%d.%d\u0026up=%d\u0026direction\r\n0x140011420: counter=%d\u0026type=%d\u0026guid=%s\u0026os=%d\u0026arch=%d\u0026username=%s\u0026group=%lu\u0026ver=%d.%d\u0026up=%d\u0026direction\r\n0x140011498: \u0026dpost=[{\"data\":\"\r\n0x1400114c0: \"}]\r\n0x140011b30: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\r\n0x140011be8: https://minrezviko.com/test/\r\n0x140011c20: https://agrahusrat.com/test/\r\n0x140011748: %s%d.dll\r\n0x1400118e0: %s%d.exe\r\n0x1400117d0: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)\r\n0x140011860: \u003chtml\u003e\r\n0x140011728: \u003c!DOCTYPE\r\n0x140011508: AppData\r\n0x140011530: Desktop\r\n0x140011558: Startup\r\n0x140011580: Personal\r\n0x1400115a8: Local AppData\r\n0x140011620: Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\r\n0x140011a18: \u0026mac=\r\n0x140011a38: %02x\r\n0x140011a98: ;\r\n0x140011ab0: \u0026computername=%s\r\n0x140011ad8: \u0026domain=%s\r\n0x1400115e0: \\Registry\\Machine\\\r\n0x140011bb8: %04X%04X%04X%04X%08X%04X\r\n0x140011b00: \\*.dll\r\n0x14001189c: -------\u003e bytearray(b'\\xd9\\x80I\\x9c\\xf8\\xa5\\xbbCr\\xb9B\\xd8k\\xc0j\\xfa3\\x9d\\xdcR3\\xc8\\xe9\\x\r\n0x1400116c0: C:\\WINDOWS\\SYSTEM32\\rundll32.exe %s,%s\r\n0x140011770: C:\\WINDOWS\\SYSTEM32\\rundll32.exe %s\r\n0x1400118a0: 12345\r\n0x1400118c0: \u0026stiller=\r\n0x140011880: 12345\r\n0x140011960: TimeTrigger\r\n0x140011990: PT0H%02dM\r\n0x1400119c0: %04d-%02d-%02dT%02d:%02d:%02d\r\n0x140011a78: PT0S\r\n0x140011c58: \\update_data.dat\r\n0x140011ca0: URLS\r\n0x140011cc0: URLS|%d|%s\r\nSource: https://research.openanalysis.net/latrodectus/config/emulation/2024/09/30/latrodectus.html\r\nhttps://research.openanalysis.net/latrodectus/config/emulation/2024/09/30/latrodectus.html\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://research.openanalysis.net/latrodectus/config/emulation/2024/09/30/latrodectus.html"
	],
	"report_names": [
		"latrodectus.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434870,
	"ts_updated_at": 1775826698,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/11a95cd8ce4fc1bd70274d53640e091c498a54b3.pdf",
		"text": "https://archive.orkl.eu/11a95cd8ce4fc1bd70274d53640e091c498a54b3.txt",
		"img": "https://archive.orkl.eu/11a95cd8ce4fc1bd70274d53640e091c498a54b3.jpg"
	}
}