latrodectus | latrodectus_1[.]2[.]bin | Triage

Sharing

General

Target

latrodectus_1.2.bin
Size

61KB
MD5

58baec37e77f6f7f4339b4557ce9cc57
SHA1

993cf0a9b1472f480d3fa854ce5dbb0fb34c0f05
SHA256

45e327e1fb60a272a3e7aa256c29f1d55846d90733329e7d453f6a1061916775
SHA512

01ec5aa867ac1075effde830c7b6e0d8e84988053009e4942afc6480b29459e508209a45bf704959fb51251bd0af8550f644fc716edabc8bff76d2a0de8197ce
SSDEEP

768:+i0IIO99dKJKbAgQVuyQw4n4mjlQmLvniWiMfDeDvhHImz:ipO9CJKrQF4n4mjltqTMKD5H

Score

10^/10

loader latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://titnovacrion.top/live/

https://skinnyjeanso.com/live/

Signatures

Detect larodectus Loader variant 2 1 IoCs

resource	yara_rule
sample	family_latrodectus_v2

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
latrodectus_1.2.bin

Files

latrodectus_1.2.bin
.dll windows:6 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ