General

  • Target

    UpdaterTag.dll

  • Size

    72KB

  • Sample

    250209-clckwstkdr

  • MD5

    4d3511cedaddff8cdd991c1bcbbbf274

  • SHA1

    9a6dcaa5d0a6bc5dc0e525d8495f81776c89f457

  • SHA256

    25df81bebae736bf7e5cc42ef18b4756d1de8cd2cd4f1e508b6bf5108bac69e7

  • SHA512

    3f201909ec716f5dd64df459d760ac44f9c2b14bec1a91ef68882c1817ed29564028bfc829be8998490f583895eb7f93a2b600c8472cd4781aaf1aa34a165918

  • SSDEEP

    768:Vz7vRTYS4Oi5ONdWJ7HRCRuVnjhaQu7SDqRefml4I4QDqauXj57CHf8Idi+a7dHU:Vzh7eO6hHRCwhBfml4I6z5If8INaJ0

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://apworsindos.com/test/

https://reminasolirol.com/test/

Attributes
  • group

    Mimikast

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Targets

    • Target

      UpdaterTag.dll


    • Detects Latrodectus

      Detects Latrodectus v1.4.

    • Latrodectus family

    • Latrodectus loader

      Latrodectus is a loader written in C++.

    • Blocklisted process makes network request

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Deletes itself

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15