originbotnet | 05656b4fe91e2bec98bd23c38128a8d848773f6cce748865de42b4fb5425b563 | Triage

Sharing

General

Target

05656b4fe91e2bec98bd23c38128a8d848773f6cce748865de42b4fb5425b563
Size

424KB
Sample

231012-mcrnkacg5y
MD5

be2e007e04dc075f8416036a010e7f16
SHA1

dbe78a9274697cd6f982118e733c6c843f2ebd3a
SHA256

05656b4fe91e2bec98bd23c38128a8d848773f6cce748865de42b4fb5425b563
SHA512

c58a3ff80720dd164e002edb0def9dea8c3c61649f97a95669c7bc4a57ee318671b2caaeac85c96a379592007889723fe74a3e008018b98df71642528202e9fa
SSDEEP

12288:siV2iaBq3svtWRccMgNqkPJH7PEjVnZCEAwe+:/V1t3sF+cINqwJTER0wv

Score

10^/10

originbotnet keylogger rat trojan

Malware Config

Extracted

Family

originbotnet

C2

http://ltm-canada.com/gate

Attributes

add_startup
false
download_folder_name
1t3t3fnc.bup
hide_file_startup
false
startup_directory_name
microsoft NFT
startup_environment_name
temp
startup_installation_name
microsoft NFT.exe
startup_registry_name
microsoft NFT
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

Targets

- Target
  
  HSB3448822-T01.exe
- Size
  
  507KB
- MD5
  
  86d24a9dfa8a36b395a430d3fa23248b
- SHA1
  
  720cbb24f088035ad6545da9c0c53104b740041b
- SHA256
  
  b37d94e96d141c7d82aca12eb63fffaf4f285aa21811248628584f167f3a294b
- SHA512
  
  8cc2d2aea40eb34bfc36e26bfc84afdb2b1914436f69e2068111b93a6649041c27d9a99faec5e0e23ec60637004c1a34942da3a15d7d63e7f2ed6f09d9fe9ab3
- SSDEEP
  
  12288:IdzzIUj2iNtM8Fi1Z4qkdJl7PENV0YCWsDkaTm:sEUj1o6i1Z4q0J5E7Vmka
Score

10^/10

originbotnet keylogger rat trojan
- OriginBotnet
  OriginBotnet is a remote access trojan written in C#.
  trojan rat keylogger originbotnet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

originbotnetkeyloggerrattrojan

behavioral2

originbotnetkeyloggerrattrojan