latrodectus | 13d416399ce269b4acfa8c1d9fe7a0c0N[.]exe | Triage

Sharing

General

Target

13d416399ce269b4acfa8c1d9fe7a0c0N.exe
Size

765KB
MD5

13d416399ce269b4acfa8c1d9fe7a0c0
SHA1

4f6a5d5b2d621e6d8b8edac0f5677c83554168bb
SHA256

f52bbd86e543805078868f817bd7c5e03d85768e5bc8889495f57b1a41f94b9f
SHA512

6132a36137cb442e4315b1e46eff93969da2e4f5a6012df198d2d9ccd0eb43075810611489c3eed790f7bf2276da21f5234a86233bef3d47caf0f15849665dfe
SSDEEP

6144:XQ3owkeG7wIZQYDGwDTWCJprCgc6ggB5Z4D8DilDIimcggBvu1RZWdBZdoKRZWEQ:+keU1efwTJ1C/6vB5Z4D8IDIf

Score

10^/10

latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://spikeliftall.com/live/

https://godfaetret.com/live/

Signatures

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13d416399ce269b4acfa8c1d9fe7a0c0N.exe

Files

13d416399ce269b4acfa8c1d9fe7a0c0N.exe
.exe windows:6 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ