originbotnet

General

Target

F098765434568999B.exe
Size

251KB
Sample

240510-jjpk1aah9s
MD5

abf939bc3a20a604f88b1dd4399ca2d7
SHA1

c656a5989a07d9b104c1eb144d4609d50264bee4
SHA256

cf52051f68630359830c5b2d6c9b8ff3b6e95c5667238787f2972accc0bc0201
SHA512

a623060911ddd9fd4ecd8725a9ef6324f391a46fd800fb425b3b2fe7f3affe9c8bfabb6f5b9b9b55aff49cdc24f610530889ba159014dd49974d1431b3797abd
SSDEEP

6144:PYa6dVy0sCLFy97dXRusmcsTA1A05WntAI00cSz4B:PYRnnLFojusmBqCue4B

Score

10^/10

Malware Config

Extracted

Family

originbotnet

C2

https://mmelak.com/gate

Attributes

add_startup
false
download_folder_name
4si50kud.vpv
hide_file_startup
false
startup_directory_name
pRcub
startup_environment_name
appdata
startup_installation_name
pRcub.exe
startup_registry_name
pRcub
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

Targets

- Target
  
  F098765434568999B.exe
- Size
  
  251KB
- MD5
  
  abf939bc3a20a604f88b1dd4399ca2d7
- SHA1
  
  c656a5989a07d9b104c1eb144d4609d50264bee4
- SHA256
  
  cf52051f68630359830c5b2d6c9b8ff3b6e95c5667238787f2972accc0bc0201
- SHA512
  
  a623060911ddd9fd4ecd8725a9ef6324f391a46fd800fb425b3b2fe7f3affe9c8bfabb6f5b9b9b55aff49cdc24f610530889ba159014dd49974d1431b3797abd
- SSDEEP
  
  6144:PYa6dVy0sCLFy97dXRusmcsTA1A05WntAI00cSz4B:PYRnnLFojusmBqCue4B
Score

10^/10

originbotnet keylogger persistence rat trojan
- OriginBotnet
  OriginBotnet is a remote access trojan written in C#.
  trojan rat keylogger originbotnet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  dovhbys.exe
- Size
  
  202KB
- MD5
  
  0bef3d69abb4fe0e2e175ce823b2aa55
- SHA1
  
  aef3193926ef341507fc931c1b375e19eb872bd3
- SHA256
  
  2e422f230bd4a88cc223995a131d6ce9316eea7087d84d059fc45a35af3ea26c
- SHA512
  
  f49e671ed2e8d0e029a214ed0b80b88b2f671ef2d1fd4f49b5da2fa64dd2d4fe2e73f615734a2f5222a5c5627474c55f54dae2f90d9b95df3c08b55fea27fbf0
- SSDEEP
  
  3072:0TkPSL1oCO72F8SgdU7sJJKGG/oADbA9McY2/mq3+Ag0FujqgA0e38:0IPSLSU8PdU7o0GuHAyc9uAOli8
Score

10^/10

originbotnet keylogger persistence rat trojan
- OriginBotnet
  OriginBotnet is a remote access trojan written in C#.
  trojan rat keylogger originbotnet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral3 behavioral4