latrodectus | 1984-27-0x000007FFFFF70000-0x000007FFFFF85000-memory[.]dmp

General

Target

1984-27-0x000007FFFFF70000-0x000007FFFFF85000-memory.dmp
Size

84KB
MD5

61ec3f781213f4d71054b2f5fa5d4f12
SHA1

ce81159a42882a519c47fc9e2c0949b7c15957fe
SHA256

39d45192fb37e71a82bbf811c4a15de14f2ad6c9cf3c0fcadd70fa98769be93a
SHA512

4c039a12019a247bd4dd235a65c4515d54fef02da7b6c5e3e86ce0ad9d9caaf443261a1f1baf969750a7daef1918929de8047ac250e5981f2ed95a0a3f82400b
SSDEEP

768:uzsvRTYS/m6QFON/LbazVJ10NNuycf8buR6ExXPYEgUDP+JoMe1kKM:uzc+jFORXaKjihxziJot

Score

10^/10

latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://rolefenik.com/test/

https://ergiholim.com/test/

Signatures

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

Processes:

resource	yara_rule
sample	family_latrodectus_1_4

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1984-27-0x000007FFFFF70000-0x000007FFFFF85000-memory.dmp

Files

1984-27-0x000007FFFFF70000-0x000007FFFFF85000-memory.dmp
.dll windows:5 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB