latrodectus | ff354796f9e0a1edea31b8c9f65cda1b[.]bin | Triage

Sharing

General

Target

ff354796f9e0a1edea31b8c9f65cda1b.bin
Size

28KB
MD5

de2d4361bcf99f59854a59c16741dbb4
SHA1

48f79e76c806b31be46690e7b67484d8c50946e4
SHA256

31e2cd5214dbb4dc41312d3a868a7ea5be95c40468320eb178bbb0201efee721
SHA512

a076eee0093ce9cb6377470d621b42dfeace3d3a6932aae4cbc6e2f34f421b2adcb7261f36f59fdac2b78afd52b051fd8ebe5e728d4970b8bc865fb3378b3110
SSDEEP

768:rC+NtJgOSMRrQn/NdNCNwg5zIY6dbFndLSsPdV:JfoManVdEwg5zqzhPdV

Score

10^/10

loader latrodectus

Malware Config

Signatures

Detect larodectus Loader variant 2 1 IoCs

resource	yara_rule
static1/unpack001/7040402574a686f031c3af5fed37509d8979855397787aab70b2d1059099d2da.exe	family_latrodectus_v2

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7040402574a686f031c3af5fed37509d8979855397787aab70b2d1059099d2da.exe

Files

ff354796f9e0a1edea31b8c9f65cda1b.bin
.zip

Password: infected
7040402574a686f031c3af5fed37509d8979855397787aab70b2d1059099d2da.exe
.dll windows:6 windows x64 arch:x64

Password: infected

ecb712bfe0d1558ffce8f8c2df526278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
VirtualProtect
IsBadReadPtr
LoadLibraryA
GetProcAddress
FreeLibrary
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ