latrodectus | UpdaterTag[.]dll

General

Target

UpdaterTag.dll
Size

72KB
MD5

4d3511cedaddff8cdd991c1bcbbbf274
SHA1

9a6dcaa5d0a6bc5dc0e525d8495f81776c89f457
SHA256

25df81bebae736bf7e5cc42ef18b4756d1de8cd2cd4f1e508b6bf5108bac69e7
SHA512

3f201909ec716f5dd64df459d760ac44f9c2b14bec1a91ef68882c1817ed29564028bfc829be8998490f583895eb7f93a2b600c8472cd4781aaf1aa34a165918
SSDEEP

768:Vz7vRTYS4Oi5ONdWJ7HRCRuVnjhaQu7SDqRefml4I4QDqauXj57CHf8Idi+a7dHU:Vzh7eO6hHRCwhBfml4I6z5If8INaJ0

Score

10^/10

latrodectus

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://apworsindos.com/test/

https://reminasolirol.com/test/

Attributes

group
Mimikast
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Signatures

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

resource	yara_rule
sample	family_latrodectus_1_4

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UpdaterTag.dll

Files

UpdaterTag.dll
.dll windows:5 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 11KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 11KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B