latrodectus | 38450cf934121c9f92785beffb73602919014752310960768324029d9ba91e13[.]exe | Triage

Sharing

General

Target

38450cf934121c9f92785beffb73602919014752310960768324029d9ba91e13.exe
Size

59KB
MD5

54feebf7544cd0c82d019eed11dd3b2e
SHA1

c849ca34a04672104feeb176dcb148ba530ea9de
SHA256

38450cf934121c9f92785beffb73602919014752310960768324029d9ba91e13
SHA512

22832ffb4cf685724c11984066fd9f6043ac34638551bdbcd4ab7e3ac3abc50ba0b139ba1fff7974b68bb504f6a709afc6446f62a783ac726425f78ed9abf2ba
SSDEEP

768:88oWfTLO3B5YC0YbauRPv87BZILqSdE8TWz7MUDgvKw+gkuGLOhe:8MfO3orjBZdGSMc

Score

10^/10

loader latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://saicetyapy.space/live/

https://grebiunti.top/live/

Signatures

Detect larodectus Loader variant 2 1 IoCs

resource	yara_rule
sample	family_latrodectus_v2

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38450cf934121c9f92785beffb73602919014752310960768324029d9ba91e13.exe

Files

38450cf934121c9f92785beffb73602919014752310960768324029d9ba91e13.exe
.dll windows:6 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ