latrodectus | UpdaterTag[.]dll

General

Target

UpdaterTag.dll
Size

61KB
MD5

be06d0b1863afe4ef8228734497bf070
SHA1

01bc9765d91506de98fdc7100a8cbf29a00c42bf
SHA256

6efecfde145da3e885b576c5ad101ef2bbfc992b1daaf639d6466e0f34a291ca
SHA512

11e537ca7833128fe0019b7c6c2422e5ec129969cdd7b537addef8fc032d91507ad664b3fa5dcaa685f6dde28dc6aa3391e3d6e8ee207662ecbd6b5276f44da4
SSDEEP

768:mzsvRTYSfv3nabO35TxhKaS8TAu0X8w4jU2zRobK3Jj6abTFUK8CCLicljcTqgu:mzcnnoORm8Jh1RoGZO0ADicVPg

Score

10^/10

latrodectus

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://forefilarem.com/test/

https://xiolewarentiom.com/test/

aes.hex

1
d623b8ef6226cec3e24c55127de873e7839c776bb1a93b57b25fdbea0db68ea2

Signatures

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

resource	yara_rule
sample	family_latrodectus_1_4

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UpdaterTag.dll

Files

UpdaterTag.dll
.dll windows:5 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 52KB

.data Size: 7KB - Virtual size: 12KB

.pdata Size: 2KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

We care about your privacy.

.text
Size: 49KB - Virtual size: 52KB

.data
Size: 7KB - Virtual size: 12KB

.pdata
Size: 2KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB