originbotnet | f6332f23fa99f7881e3793645d71e1643279391fce24eb1ff5a58adc318aec2a | Triage

Sharing

General

Target

f6332f23fa99f7881e3793645d71e1643279391fce24eb1ff5a58adc318aec2a_JC.exe
Size

338KB
Sample

231013-cgtzdaac9z
MD5

dbadf9908b622af274db313906a95d3f
SHA1

de94f8284be7bee5880623c68fbc14a44ea61aa5
SHA256

f6332f23fa99f7881e3793645d71e1643279391fce24eb1ff5a58adc318aec2a
SHA512

dcb8055cddc77ac267b726019ec68a4a200f27531cffd291fa59bd15950c02c4ae21ec2265a09334fd05b6d8cb15cbfac35beaa4ededeb788dc7b8470adfe521
SSDEEP

6144:e84kJM8GgA188qLgXERTxM/BRhDm1l4Rh0xIpTYx2ap/mZX1BUCvEHX:h4kpy88cgXERTxMJRel4Rh0ep0xRp/ms

Score

10^/10

originbotnet keylogger persistence rat trojan

Malware Config

Extracted

Family

originbotnet

C2

https://grdhfour.shop/gate

Attributes

add_startup
false
download_folder_name
4tmn4xe4.gde
hide_file_startup
false
startup_directory_name
rOUfBC
startup_environment_name
appdata
startup_installation_name
rOUfBC.exe
startup_registry_name
rOUfBC
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

Targets

- Target
  
  f6332f23fa99f7881e3793645d71e1643279391fce24eb1ff5a58adc318aec2a_JC.exe
- Size
  
  338KB
- MD5
  
  dbadf9908b622af274db313906a95d3f
- SHA1
  
  de94f8284be7bee5880623c68fbc14a44ea61aa5
- SHA256
  
  f6332f23fa99f7881e3793645d71e1643279391fce24eb1ff5a58adc318aec2a
- SHA512
  
  dcb8055cddc77ac267b726019ec68a4a200f27531cffd291fa59bd15950c02c4ae21ec2265a09334fd05b6d8cb15cbfac35beaa4ededeb788dc7b8470adfe521
- SSDEEP
  
  6144:e84kJM8GgA188qLgXERTxM/BRhDm1l4Rh0xIpTYx2ap/mZX1BUCvEHX:h4kpy88cgXERTxMJRel4Rh0ep0xRp/ms
Score

10^/10

originbotnet keylogger persistence rat trojan
- OriginBotnet
  OriginBotnet is a remote access trojan written in C#.
  trojan rat keylogger originbotnet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

originbotnetkeyloggerpersistencerattrojan

behavioral2

originbotnetkeyloggerpersistencerattrojan