Latrodectus Loader
ID: 45041cf1-ad12-55ea-a2ea-7428150785af
STIX ID: report--45041cf1-ad12-55ea-a2ea-7428150785af
Feed Name: Pulsedive Blog
This report analyzes Latrodectus, a recently observed Windows loader used by multiple threat actors (notably TA577 and TA578) to deliver secondary payloads such as IcedID and Lumma Stealer via email-based infection chains (malicious JS, MSI via WebDAV, ISO/LNK). It details C2 behavior (RC4+Base64 POSTs, reusable key), command handlers, runtime API resolving, anti-analysis checks, a large set of network IoCs, MITRE ATT&CK mappings, and detection recommendations including Suricata rules and host-based monitoring guidance.
