originbotnet | 10_sample[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10_sample.bin
Size

29KB
MD5

78834332f1e8fad12da24187b00c0c8b
SHA1

0886fddc7cfad07d4a85967a68df5a7993002b52
SHA256

eac17cff1f70bbe0d163edfd8298a164fb49d782940a550f89f5c9526f801bd6
SHA512

687df87144b27514fe1b8b47b47c1d27ada3bed93b51f297a3e86daa942632443c6be871d32cb323c94a733794dfe4759f11af01447fef897bef8aeeefb2b695
SSDEEP

768:SheDoB0tlGdTRyWHnTyKFSTAxIilCiChYnGqiK:SSoBol83HCTMNCiCmG1K

Score

10^/10

originbotnet

Malware Config

Extracted

Family

originbotnet

C2

https://lamba.nitrosoftwares.shop/gate

Attributes

add_startup
false
download_folder_name
zeyy4dqc.kds
hide_file_startup
false
startup_directory_name
efUDQ
startup_environment_name
appdata
startup_installation_name
efUDQ.exe
startup_registry_name
efUDQ
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

Signatures

Originbotnet family
originbotnet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10_sample.bin

Files

10_sample.bin
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ