General
-
Target
SecuriteInfo.com.Win32.RATX-gen.23117.32662.exe
-
Size
542KB
-
Sample
231014-mww3dscf2z
-
MD5
cb8d2cb4372947471ba2f6a7bc3a9c35
-
SHA1
bcf8b0c9f36c33902b11c5e3b3942143068f52ce
-
SHA256
4f09e1857f411cee21a8f8b56535dcf67937ec013873c180215c6420856b4e17
-
SHA512
65fe838186ef865cc4229b04df7268aa1c410fafe64d7264fb6489e5158ec0cbc690730451d1e5c1e22d5010c20771419071f5b512052a7b7bd9382e62a01163
-
SSDEEP
1536:NPd/84RBumqgMUAxEUZ45zT8VXJci2ejtP7nRCHlTigBVrFuOL5aZcThsZ:ZuvgMUOEUvVXJV2ejtlyluOLb
Malware Config
Extracted
originbotnet
https://lamba.nitrosoftwares.shop/gate
-
add_startup
false
-
download_folder_name
zeyy4dqc.kds
-
hide_file_startup
false
-
startup_directory_name
efUDQ
-
startup_environment_name
appdata
-
startup_installation_name
efUDQ.exe
-
startup_registry_name
efUDQ
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Targets
-
-
Target
SecuriteInfo.com.Win32.RATX-gen.23117.32662.exe
-
Size
542KB
-
MD5
cb8d2cb4372947471ba2f6a7bc3a9c35
-
SHA1
bcf8b0c9f36c33902b11c5e3b3942143068f52ce
-
SHA256
4f09e1857f411cee21a8f8b56535dcf67937ec013873c180215c6420856b4e17
-
SHA512
65fe838186ef865cc4229b04df7268aa1c410fafe64d7264fb6489e5158ec0cbc690730451d1e5c1e22d5010c20771419071f5b512052a7b7bd9382e62a01163
-
SSDEEP
1536:NPd/84RBumqgMUAxEUZ45zT8VXJci2ejtP7nRCHlTigBVrFuOL5aZcThsZ:ZuvgMUOEUvVXJV2ejtlyluOLb
Score10/10-
OriginBotnet
OriginBotnet is a remote access trojan written in C#.
-
Suspicious use of SetThreadContext
-