General

  • Target: UpdaterTag.dll
  • Size: 72KB
  • Sample: 250209-b6wzla1mct
  • MD5: baff48ded319cdc1eb2372e16c833260
  • SHA1: 6ffbbee909e8225337a61da43f18d48bd403b32d
  • SHA256: 16bf1c6d22074a7532c158c0f8ffd7f1e1c36deab934ea5abad5c0d2cea11a62
  • SHA512: ce560c27b4403ba9e9b14a7398e469e6fc42f79b70586266ae2d2b2210a9f81ea88e92a6f50b077e8480bc5fa9117d64acf1a6b3b3530807bd1534e5aac2cce6
  • SSDEEP: 768:Tz7vRTYS4Oi5ONdWJ7HRCRuVnxsaQu7SDqRefml4I4QDqauXj57CHf8IdAtY5h82:Tzh7eO6hHRCSsBfml4I6z5If8I6oVTt

Malware Config

Extracted

  • Family: latrodectus
  • Version: 1.4
  • C2:
      https://apworsindos.com/test/
      https://reminasolirol.com/test/
  • Attributes
      • group: Mimikast
      • user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
      • aes.hex

Targets

    • Detects Latrodectus
      Detects Latrodectus v1.4.
    • Latrodectus family
    • Latrodectus loader
      Latrodectus is a loader written in C++.
    • Blocklisted process makes network request
    • Boot or Logon Autostart Execution: Active Setup
      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
    • Downloads MZ/PE file
    • Deletes itself
    • Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15