latrodectus | 6070000[.]dll | Triage

Sharing

General

Target

6070000.dll
Size

68KB
MD5

d54d899ec9e4555777439bf6d734a745
SHA1

b9b511f4d6e6faff0bd2a7bb93ff3d37ee6211f1
SHA256

4089f000d8345012ec48d4e6ab6462d4310dce81a152b185cd9f8a5ac8ae7088
SHA512

083452fe90888c16fb8745bc094258f32aaf09fd9d38ee5f5a400ba6578bcb1f95c1fc2eed289bac55624261e2270dbf766f8187606f399f1fc286a66a4ab3bf
SSDEEP

768:kX755uspugOulWKxZu4faayRHXrqCzlFC+OuyWUpWad:GuYO84ayR7qAlU2

Score

10^/10

loader latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://workspacin.cloud/live/

https://illoskanawer.com/live/

Signatures

Detect larodectus Loader variant 2 1 IoCs

resource	yara_rule
sample	family_latrodectus_v2

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6070000.dll

Files

6070000.dll
.dll windows:6 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ