latrodectus | 18723427693[.]zip | Triage

Sharing

General

Target

18723427693.zip
Size

32KB
MD5

15945f784790116923eeb93cd067126d
SHA1

9b2c2865be7c64b9fe64c57b19725e5b71426e81
SHA256

02823fa1cb13dfdacbe0041b4418548709dc520f22236251a68b4a5a1e0351af
SHA512

d81d4be991d8c271aa84c61f33e9b216bf4132574ced6d67503f26ab966612017b4e0814297dfa2bff1103ece94bd02c1ba3fd97cad8fe5b4cce8edc466c1d4f
SSDEEP

768:loPtvihu66qcnIU4kjCPIx4gMiOyW7SdONY:lolvyT6H4k/YyQSdOy

Score

10^/10

latrodectus

Malware Config

Signatures

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

resource	yara_rule
static1/unpack001/5decad758ad23f90ceafd132702935d4feb17a77859bbd2d6573f00e1d3180f1	family_latrodectus_1_4

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5decad758ad23f90ceafd132702935d4feb17a77859bbd2d6573f00e1d3180f1

Files

18723427693.zip
.zip

Password: infected
5decad758ad23f90ceafd132702935d4feb17a77859bbd2d6573f00e1d3180f1
.dll windows:6 windows x64 arch:x64

Password: infected

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ