From cc0871b2a956004162f5c81370fa1a533460445a Mon Sep 17 00:00:00 2001
From: enzo <7831008+enzok@users.noreply.github.com>
Date: Sun, 25 Feb 2024 14:04:04 -0500
Subject: [PATCH] Update Latrodectus.py

---
 modules/processing/parsers/CAPE/Latrodectus.py | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/modules/processing/parsers/CAPE/Latrodectus.py b/modules/processing/parsers/CAPE/Latrodectus.py
index a878ecf4259..ece6fbf584e 100644
--- a/modules/processing/parsers/CAPE/Latrodectus.py
+++ b/modules/processing/parsers/CAPE/Latrodectus.py
@@ -16,14 +16,11 @@
 import logging
 import os
 import re
-import sys
 from contextlib import suppress
 
 import pefile
 import yara
 
-sys.path.append(os.path.join(os.path.abspath(os.path.dirname(__file__)), ".."))
-
 from lib.cuckoo.common.constants import CUCKOO_ROOT
 
 yara_path = os.path.join(CUCKOO_ROOT, "data", "yara", "CAPE", "Latrodectus.yar")
@@ -58,14 +55,12 @@ def decrypt_string(data, type):
     src = data[6:]
     result = bytearray()
 
-    if type == 1:
-        for i in range(length):
+    for i in range(length):
+        if type == 1:
             seed = prng_seed(seed)
-            result.append((seed ^ src[i]) & 0xFF)
-    elif type == 2:
-        for i in range(length):
+        elif type == 2:
             seed += 1
-            result.append((seed ^ src[i]) & 0xFF)
+        result.append((seed ^ src[i]) & 0xFF)
 
     return result
 
@@ -82,7 +77,6 @@ def extract_config(filebuf):
 
     for hit in yara_hit:
         if hit.rule == "Latrodectus":
-            data = None
             try:
                 pe = pefile.PE(data=filebuf, fast_load=True)
                 data_sections = [s for s in pe.sections if s.Name.find(b".data") != -1]
@@ -115,6 +109,7 @@ def extract_config(filebuf):
                     break
                 else:
                     i += 1
+            campaign = ""
             if ".exe" in str_vals[i + 2]:
                 campaign = str_vals[i + 1]
             cfg = {
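Review bot: The restructured loop in decrypt_string changes what is returned for a `type` other than 1 or 2: the old code left `result` empty, while the new loop appends `(seed ^ src[i]) & 0xFF` for every byte with an untouched seed, so an unrecognised type now yields bytes that look decrypted instead of an empty bytearray. Guarding it before the loop, `if type not in (1, 2): return result`, restores the old contract. Separately, `range(length)` combined with `src[i]` trusts the length field parsed out of the sample, so a truncated or malformed blob raises IndexError here and aborts the whole extraction; `for i in range(min(length, len(src))):` keeps the parser alive on a bad string. The parsing of `length` and `seed` sits above the hunk, and `type` shadows the builtin name.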
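Review bot: Dropping the `data = None` initializer in extract_config is only safe if nothing after the try/except reads `data` on the failure path; if the except clause logs and falls through to a later `if not data` check, the name is now unbound when `pefile.PE` raises on a malformed sample. The remainder of the try block and its except clause are outside the hunk, so this should be checked against the full function; if `data` is still read after the handler, keep the initializer or return from the except branch.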
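Review bot: Initializing `campaign = ""` covers the case where the `.exe` test fails, but the lookups `str_vals[i + 2]` and `str_vals[i + 1]` on the following lines remain unguarded: when the preceding loop (which starts outside the hunk) runs off the end of `str_vals`, `i + 2` is past the last element and the config extraction aborts with IndexError. Bounding the index in the same condition, `if i + 2 < len(str_vals) and ".exe" in str_vals[i + 2]:`, lets a sample with fewer strings still produce the rest of `cfg`.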