latrodectus | latro_unpacked[.]zip | Triage

Sharing

General

Target

latro_unpacked.zip
Size

24KB
MD5

4a4381d0371dfbf71d2b3372aad3cde1
SHA1

5e93823bb9fa9d55af0c05fd507295496f4cc5c1
SHA256

7aceb3a8567e2ff21ea95b78cb0c450531ba106cfe7ca83a1d02eea6f79ffbaf
SHA512

9a39ae8d7cfa3ddbce98dbdfa34168e4925b685ce3918576dc86c526ad6cfc25c51427ef843b1439d121bd75c0b6b25c3dca21838bb8c4505dea838e6029722b
SSDEEP

384:OxCrus8+l6jBq51p72T1GmbRQiHq7jCoENhUzhRkryzEw/VGqb4XoNks+/fHn:iCrupM6NqTtCFb7ICnhKRkeEwMqXHA

Score

10^/10

latrodectus

Malware Config

Extracted

Family

latrodectus

C2

https://workspacin.cloud/live/

https://qaliharsit.tech/live/

Signatures

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Latrodectus/3be9e476da2e99adbc49591cbc94b4d9/payload/payload.exe

Files

latro_unpacked.zip
.zip

Password: infected123
Latrodectus/3be9e476da2e99adbc49591cbc94b4d9/payload/payload.exe
.exe windows:6 windows x64 arch:x64

Password: infected123

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ