latrodectus | 9fad77b6c9968ccf160a20fee17c3ea0d944e91eda9a3ea937027618e2f9e54e[.]exe | Triage

Sharing

General

Target

9fad77b6c9968ccf160a20fee17c3ea0d944e91eda9a3ea937027618e2f9e54e.exe
Size

76KB
MD5

80a0b619884a185d0abdffda3918cb33
SHA1

b2edde7d7cd7b01d9cec7644e45ec3246afda077
SHA256

9fad77b6c9968ccf160a20fee17c3ea0d944e91eda9a3ea937027618e2f9e54e
SHA512

9f6e546060cab0de8450027f1a8d471d483f1e60bd13b3ed4224210abdbcce9e2d0c628617abca9eb0e5bf6a1a6b5682a47b419a0858bf4dcfb90ca45b92341d
SSDEEP

768:8xO+qDlWGT9NVu48up+g5KFNhhlJwb9LfpwThs1GSy:8k+qD4Ud/5KFhrmVfOhs1GSy

Score

10^/10

loader latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://mazdakrichest.com/live/

https://riverhasus.com/live/

Signatures

Detect larodectus Loader variant 1 1 IoCs

resource	yara_rule
sample	family_latrodectus_v1

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fad77b6c9968ccf160a20fee17c3ea0d944e91eda9a3ea937027618e2f9e54e.exe

Files

9fad77b6c9968ccf160a20fee17c3ea0d944e91eda9a3ea937027618e2f9e54e.exe
.dll windows:6 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

scab

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ