originbotnet | 8_sample[.]bin | Triage

Sharing

General

Target

8_sample.bin
Size

29KB
MD5

441198e764d65901601e49920caaac31
SHA1

4e9362c675097686a0a84147b16567fce402a78d
SHA256

4793b892c2efde4b9c0253226c7c3ee3f96e0c30744a0bbde3dbdf4307353944
SHA512

1829d3133d25c6fda1c927498b5ae0e2e3524e24959b31502cb2a9e1091d37d53a543f52de549c6daca4281ad08bff071a130f71c8f5166ce83b86b3d895d571
SSDEEP

768:d5eDlBEtlGdTRyWHnoyKFSTxxIilCi6LhlGax:d6lB4l83HnTvNCi6LTGax

Score

10^/10

originbotnet

Malware Config

Extracted

Family

originbotnet

C2

https://joshua6440.nitrosoftwares.shop/gate

Attributes

add_startup
false
download_folder_name
jfede1fc.mke
hide_file_startup
false
startup_directory_name
MnNshND
startup_environment_name
appdata
startup_installation_name
MnNshND.exe
startup_registry_name
MnNshND
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

Signatures

Originbotnet family
originbotnet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8_sample.bin

Files

8_sample.bin
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ