Behavioral task
behavioral1
| field | value |
|---|---|
| Sample | UpdaterTag.dll |
| Resource | win10v2004-20250502-en |
| Target | UpdaterTag.dll |
| Size | 68KB |
| MD5 | 83b818ff4a89800c0d85273edfdd57ec |
| SHA1 | 748a7c8d06bdf599cbcf08cd994cf3f497b3cd4f |
| SHA256 | 1faa8e7a55214085f71663ed79e023a1df09819e3b92b5a61fbc2fc4ee92c6eb |
| SHA512 | 70b10aa63b6be9bd9d639902d17882f41b76977b7e29ea682841f20b904050a6fa802b80dee60b3b8ecc6329a73b13c47e8cb056e22b1da6b963eef271e92034 |
| SSDEEP | 768:kzsvRTYSvX4soOkTZqlSySUjdVfuh7uLWPFtYu8l5sizD9wDJlGy5jA3hx9EH6:kzcwdO2ZyPQFEjn9AJUoCmH |
latrodectus
1.4
https://daringdesigners.com/work/
https://domtrst455.com/work/
Detects Latrodectus v1.4.
| resource | yara_rule |
|---|---|
| sample | family_latrodectus_1_4 |
Checks for missing Authenticode signature.
| resource |
|---|
| UpdaterTag.dll |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PeekNamedPipe
GetLastError
CreateMutexW
MessageBeep
MessageBoxA
extra
follower
run
scub
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ