File: Ludus.zip ... [FREE]
Monitoring traffic with Wireshark reveals an attempted connection to a specific IP address and port (commonly 4444, the default for Metasploit).
Written to HKCU\Software\Ludus as a "high score" or configuration value.
Key Artifacts
Encoded within the Python script's variables.
Environment Variable: Set by the malware upon execution.
This yields .pyc files. Using a decompiler like uncompyle6 or pycdc allows us to read the original source code.