originbotnet | 5_sample[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5_sample.bin
Size

29KB
MD5

41cd57604e37686c031feac4dcbb47ac
SHA1

1f1ef77e61d84b52601030071a9ef0b6c880b3d1
SHA256

3c82463fb4b6b6c9c234eb20b197f434ba6543f445db22990917bcb464b40b2b
SHA512

b853dfee2edf1893c1f4be7ae71bdb76c99c6ecc82bd435e54d555f3c1eaa3f46f1e84aebb3769c8fa4fb04701218d12937f0d049a29ffa3f5eb5ba875f36927
SSDEEP

768:91eDABQtlGdTRyWHnCyKFST7xIilCiyh0Gwr:9OABkl83HhTdNCiyOGwr

Score

10^/10

originbotnet

Malware Config

Extracted

Family

originbotnet

C2

https://nice.nitrosoftwares.shop/gate

Attributes

add_startup
false
download_folder_name
fjppipxw.1a3
hide_file_startup
false
startup_directory_name
zzZdP
startup_environment_name
appdata
startup_installation_name
zzZdP.exe
startup_registry_name
zzZdP
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

Signatures

Originbotnet family
originbotnet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5_sample.bin

Files

5_sample.bin
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ