latrodectus | d32db5208d83134ba5c8d6b8c8289aeb[.]bin | Triage

Sharing

General

Target

d32db5208d83134ba5c8d6b8c8289aeb.bin
Size

27KB
MD5

69688c6aec822c25136e70b6eda47d21
SHA1

8d34ad8b3a301b27dfbe9c7e151470db35a2ac08
SHA256

7b8990df5ebb895797b5a0148d76f8008bb6141fd5c6cd715488bf35d6c35613
SHA512

009ea840330ccc213d9f8ef4050860861902fbfc6051c615502af6299fa243c7c7a04340f81cace7b9046d8da89db4733c8410ce03b485b05c3741b9d02339b0
SSDEEP

768:QY2L7tycGfpeF6VoG+UAd+1/qItqsjs2J0R/+FcAqr6kO0:QY2L7tycGhege0hS2J0R/9AqOS

Score

10^/10

loader latrodectus

Malware Config

Signatures

Detect larodectus Loader variant 2 1 IoCs

resource	yara_rule
static1/unpack001/34aff1767909ff582d15949922549fddb5849f163260ad3efdc32d4f869fdf09.exe	family_latrodectus_v2

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/34aff1767909ff582d15949922549fddb5849f163260ad3efdc32d4f869fdf09.exe

Files

d32db5208d83134ba5c8d6b8c8289aeb.bin
.zip

Password: infected
34aff1767909ff582d15949922549fddb5849f163260ad3efdc32d4f869fdf09.exe
.dll windows:6 windows x64 arch:x64

Password: infected

ecb712bfe0d1558ffce8f8c2df526278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
VirtualProtect
IsBadReadPtr
LoadLibraryA
GetProcAddress
FreeLibrary
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ