originbotnet | 9_sample[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9_sample.bin
Size

29KB
MD5

3c504f74952f08c720ef378f0d989650
SHA1

07166002e009c19c5ecc4c262a1740faa3ba9edb
SHA256

ce2c6ebcee384ceccd4a63601ac08b002af5184103e2df64126995aff70b0195
SHA512

554932e51a8abd676737ec4f9245e6a832b07844c054b21b43af761f8a6313b9c1e90c8660fa342f31ee8077d758c80bc17bd3054a9d75677b497274f5498f13
SSDEEP

768:uWeD4BQtlGdTRyWHnhyKFSTmxIilCiJhzGjc:uR4Bkl83HoTmNCiJdGjc

Score

10^/10

originbotnet

Malware Config

Extracted

Family

originbotnet

C2

https://nitrosoftwares.shop/gate

Attributes

add_startup
false
download_folder_name
0uvf4vxi.zxu
hide_file_startup
false
startup_directory_name
VxxWqfE
startup_environment_name
appdata
startup_installation_name
VxxWqfE.exe
startup_registry_name
VxxWqfE
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

Signatures

Originbotnet family
originbotnet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9_sample.bin

Files

9_sample.bin
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ