latrodectus | 9150000[.]dll | Triage

Sharing

General

Target

9150000.dll
Size

72KB
MD5

58edde4852b0a685ea522a014f67b4ae
SHA1

1f0c23a11d30f3ba5aa5f8d87874e869f42690f3
SHA256

dbd85d5dd501bb7fad3990f0801d32da438a5bc60bd7cf6999d5bc535291146c
SHA512

21f243cc59a9bcee29b5f1fa128025a3232ee722317363bd27f75a7e8fb90670062e8f66f7a4b7396b1bdc51e9391e0871b615f781c08242e6c6746ebe06c3b5
SSDEEP

768:VqQQOFMeTIhSujjTd4gD+ORu0+MtuowYfIEEfVJI:8dOEvd4gR7trw5ffI

Score

10^/10

loader latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://ultroawest.com/live/

https://lettecoft.com/live/

Signatures

Detect larodectus Loader variant 2 1 IoCs

resource	yara_rule
sample	family_latrodectus_v2

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9150000.dll

Files

9150000.dll
.dll windows:6 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ