latrodectus | UpdaterTag[.]dll[.]exe | Triage

Sharing

General

Target

UpdaterTag.dll.exe
Size

60KB
MD5

a8fcaf7b424f715399e961ea53b23efa
SHA1

68d5e064241c48f7352211d4d7fed5a4baa10ce5
SHA256

59eed9c82f60210e2a58df96fe1ab54a7bb96d2c5e7d5d3cc3b16de433b9958b
SHA512

18f4da3a122197ad43f27be3cfa5f50561546f14e92a3627cf876b91930cbc37bccc92b227c4175dd02b6f00a000928df347093ed8cb24420d20dbad8f292771
SSDEEP

768:WzsvRTYS/m6QFON/LbazVJl0NSuycf8buR6ExXPYEgUDP+doLhOhP8v43s:Wzc+jFORXa62ihxzidoLh6P8v43

Score

10^/10

latrodectus

Malware Config

Signatures

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

resource	yara_rule
sample	family_latrodectus_1_4

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UpdaterTag.dll.exe

Files

UpdaterTag.dll.exe
.dll windows:5 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ