General

  • Target: 12_sample.bin
  • Size: 30KB
  • MD5: c30f757a7afa1cf5c89405555af54141
  • SHA1: c7f62c5097ddf8722688684860a6e8d20f1c7d7a
  • SHA256: 647c1751e9dbd59f7b75a0ec72e21e128450422f7f9aa0f296344a1c9e9fff21
  • SHA512: e359b14e8b64b948b54a28543c1a13e7f63b5995b423f2fa2334bad9dc3b07e5a133bf17e6dafd7ed647ea3235af9300e5651cb88a2fd64fda8265da08f43b7f
  • SSDEEP: 768:StxaPA1RJ4MRBo1oFSu/6hilCeKUIhDldPm:saPA1EUBeuSkCeKUI9lo

Score: 10/10

Malware Config

Extracted

  • Family: originbotnet
  • C2: http://yingxnimetals.com/gate

Attributes

  • add_startup: true
  • download_folder_name: x5wsbycp.epf
  • hide_file_startup: true
  • startup_directory_name: snuXV
  • startup_environment_name: appdata
  • startup_installation_name: snuXV.exe
  • startup_registry_name: snuXV
  • user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

Signatures

  • Originbotnet family
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • 12_sample.bin
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744