latrodectus | UpdaterTag[.]dll | Triage

Sharing

General

Target

UpdaterTag.dll
Size

60KB
MD5

c6defb73ea6c5ed9c9c9127912173585
SHA1

7094f6e20e574ac665fbd0eabefcdf884d92071e
SHA256

ebc6a85717dbb95d489ceff61305f88476a094509d0ced095aaf730fad35bf3e
SHA512

c32e34fdc47a13324fe8fd44ae74a16b6c4cb03e0ebfa4c1770e48cfc807ce1cc8f9d143f746bb4bd804f985b158c7c228a39fb5e0cdacff12492d041c30d17b
SSDEEP

768:izsvRTYS/m6QFON/LbazVJ/lNSuycf8buR6ExXPYEgUDP+6G8/:izc+jFORXaR2ihxziF

Score

10^/10

latrodectus

Malware Config

Signatures

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

Processes:

resource	yara_rule
sample	family_latrodectus_1_4

Latrodectus family
latrodectus
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

UpdaterTag.dll

Files

UpdaterTag.dll
.dll windows:5 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ