latrodectus | 9877e439ce0efccc9140ed91405e0fdbacfcbb5dee6b7ddb1bfd3c1dc3be333f[.]exe | Triage

Sharing

General

Target

9877e439ce0efccc9140ed91405e0fdbacfcbb5dee6b7ddb1bfd3c1dc3be333f.exe
Size

74KB
MD5

fd506e6d4c2e1e3335d3802a38cd21b6
SHA1

2ffc078104f87b8d6614d53ca0b263228eff44e0
SHA256

9877e439ce0efccc9140ed91405e0fdbacfcbb5dee6b7ddb1bfd3c1dc3be333f
SHA512

0565d57bfa3f7aa57c5067e6794adebc0f72b5c891b26821f6fab8a9e02b9aa100e6c334713b578351cc197aff14e34638ad01345cb2470b89b53452e8e5a476
SSDEEP

768:3RKz7vRTYSRKrm4mODOJWFgG5nB0GXiuwUKdq3kz40sKjTiqFf8mjop4EejV:3RKzhgrVmOikFzpXiq3mniOf8mjo8

Score

10^/10

latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://pomaspoteraka.com/test/

https://finilamedima.com/test/

Signatures

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

resource	yara_rule
sample	family_latrodectus_1_4

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9877e439ce0efccc9140ed91405e0fdbacfcbb5dee6b7ddb1bfd3c1dc3be333f.exe

Files

9877e439ce0efccc9140ed91405e0fdbacfcbb5dee6b7ddb1bfd3c1dc3be333f.exe
.exe windows:6 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Sections

.text
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ