latrodectus | 277c879bba623c8829090015437e002b[.]bin

General

Target

277c879bba623c8829090015437e002b.bin
Size

25KB
MD5

cbf44ff2019cb57fa9c1d850784462b5
SHA1

f3ec74b3eeaaa35fd6394886de5706a945d50207
SHA256

4bc6f0e2484aa666311111e5a7d4b3480756ef9eff291847e826d35125fa83f3
SHA512

244c4e5423be664207fa9193935f53711ea22b2005780298b237c27c10f2466909d4508145ba04a2d0f48c750d500eb983829126d5899891c9932927680a24ac
SSDEEP

768:4wdQ8FdxAp9wBBuyGLC4vU6l9XXg50vb0:ZpxAnYB2m4sm9XXge0

Score

10^/10

loader latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://titnovacrion.top/live/

https://skinnyjeanso.com/live/

Signatures

Detect larodectus Loader variant 2 1 IoCs

loader

resource	yara_rule
static1/unpack001/a1e74120c32162d18c0245a8390360e9b63a11887e396c270e0ed35296952598.exe	family_latrodectus_v2

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a1e74120c32162d18c0245a8390360e9b63a11887e396c270e0ed35296952598.exe

Files

277c879bba623c8829090015437e002b.bin
.zip

Password: infected
a1e74120c32162d18c0245a8390360e9b63a11887e396c270e0ed35296952598.exe
.dll windows:6 windows x64 arch:x64

Password: infected

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 8KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B