Behavioral task
behavioral1
Sample
140000000.exe
Resource
win10v2004-20240730-en
Behavioral task
behavioral2
Sample
140000000.exe
Resource
win11-20240730-en
General
-
Target
140000000.exe
-
Size
80KB
-
MD5
ccb39b9783cf86f042a7a0695da16471
-
SHA1
3a63736753ed562387a4d8e6a78dd1c28fbcfff3
-
SHA256
4401f0b73c59c23e52b34e871c38b0c24d4fffd4ad064f796db3ecfebbb5584d
-
SHA512
3c43cf4aa67a103d5f171c55776b5a57cd84b956fc257610155d93560609a9d8a6019090e74b0c0520d9de11853dd7cecbd1f816fcce7d2235b4532282245ee1
-
SSDEEP
1536:k9OiJYVQ/9k3H9Xyuszwf8egKKUnaC6P:kLk3HBmwkegKKUnaNP
Malware Config
Extracted
latrodectus
https://spikeliftall.com/live/
https://godfaetret.com/live/
Signatures
-
Latrodectus family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 140000000.exe
Files
-
140000000.exe.exe windows:6 windows x64 arch:x64
db7aeb75528663639689f852fd366243
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
PeekNamedPipe
GetLastError
CreateMutexW
user32
MessageBeep
MessageBoxA
Sections
.text Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ