latrodectus | UpdaterTag[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

UpdaterTag.dll
Size

74KB
MD5

41a8b3d9f625a1dc57e11de14a12cccf
SHA1

4132179a19ca62142b2924b63ea0f6143cc4c470
SHA256

952376f9a2e286200ebc5db17542b142d5e994db8ca5491ed7e03c92e68504f7
SHA512

68b9f22adabd019ec488677bad6bb3efd3066c14a02e8e007c1112615333773e887056828fd93c589893a9c499ff87c40bb4afbc0c688698ed3fb25c69e45089
SSDEEP

1536:Szhn3OA/88eZVS18GpH50f88dFk5uyx42Aa:Szhnt/4VS18zk8dFVyxEa

Score

10^/10

latrodectus

Malware Config

Signatures

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

resource	yara_rule
sample	family_latrodectus_1_4

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UpdaterTag.dll

Files

UpdaterTag.dll
.dll windows:6 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ