Resubmissions

31-10-2023 06:15

231031-gzwcdagh7z 10

24-05-2023 13:31

230524-qsqmzsdb5t 10

General

  • Target

    58203.bin

  • Size

    176KB

  • Sample

    230524-qsqmzsdb5t

  • MD5

    c5307c17eeda787432f82f1d648a368c

  • SHA1

    2a6b0f3a422a49e450cc39354fd687084c8a209e

  • SHA256

    f4ba5e8f98fe70d764df71b7c390237b90ed0fc3408579a15a06ee56008a3531

  • SHA512

    ce0e25440c4af26ed62868620607c2a812e426c3053cdf5d91c2734cdf26526ce55f6bbf4989d96309c0569808f22cf4b6159db1ed9bb415ca2903eede5bb495

  • SSDEEP

    3072:Df5M0zA8NTyQXMyVAyzPt+irbu5xYWLFQ3aC6ulgkNS82avsM:3AgeQcaJrFWxm6ulgWS82ZM

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:7432

zdrussle.ru:2173

pseyumd.ru:5492

stydodo.ru:2619

tqzknrx.com:1123

mdcqrxw.com:4984

tpwtgyw.com:9631

cnoyucn.com:9426

qhloury.com:4759

fnjxpwy.com:3863

csxpzlz.com:5778

wlkjopy.com:8778

mynfwwk.com:8427

uuitwxg.com:6656

agnxomu.com:8881

wcagsib.com:3547

fmniltb.com:9582

oapwxiu.com:3922

petrrry.com:7531

poubauo.com:4623
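The C2 list above is the actionable part of this report for a SOC. The following Python is an added example, not part of the sandbox report or of any Mylobot tooling: it parses the host:port entries exactly as listed on the page, correlates them against constructed DNS and connection records (the record layout, the client and resolved IP addresses and the timestamps are invented for the example), and emits Suricata `dns.query` rules for the hostnames. Because the report gives C2 endpoints as hostname plus port, a connection can only be matched on port after the hostname has been resolved, so the example pivots through DNS answers first. The `sid` range used for the rules is an assumption.

```python
"""Match the extracted Mylobot C2 list against DNS and connection records."""
from __future__ import annotations

# C2 entries as listed in the report (host:port, one per line).
MYLOBOT_C2 = """
fywkuzp.ru:7432
zdrussle.ru:2173
pseyumd.ru:5492
stydodo.ru:2619
tqzknrx.com:1123
mdcqrxw.com:4984
tpwtgyw.com:9631
cnoyucn.com:9426
qhloury.com:4759
fnjxpwy.com:3863
csxpzlz.com:5778
wlkjopy.com:8778
mynfwwk.com:8427
uuitwxg.com:6656
agnxomu.com:8881
wcagsib.com:3547
fmniltb.com:9582
oapwxiu.com:3922
petrrry.com:7531
poubauo.com:4623
"""

# Constructed log records for the example (not from the report). DNS records carry
# the resolved answers so connections can be tied back to a hostname.
DNS_EVENTS = [
    {"ts": 1.0, "src": "10.0.0.5", "query": "FYWKUZP.RU.", "answers": ["203.0.113.10"]},
    {"ts": 2.0, "src": "10.0.0.5", "query": "www.example.com", "answers": ["93.184.216.34"]},
    {"ts": 3.0, "src": "10.0.0.7", "query": "tqzknrx.com", "answers": []},  # NXDOMAIN
]
CONN_EVENTS = [
    {"ts": 1.5, "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 7432},  # listed port
    {"ts": 1.6, "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443},   # other port
    {"ts": 2.5, "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443},  # benign
]


def _norm_host(host: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot in query logs."""
    return host.strip().lower().rstrip(".")


def parse_c2(text: str) -> dict[str, set[int]]:
    """Return {hostname: {ports}} from 'host:port' lines; blank lines are ignored."""
    index: dict[str, set[int]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {line!r}")
        index.setdefault(_norm_host(host), set()).add(int(port))
    return index


def hunt(index: dict[str, set[int]], dns_events: list[dict], conn_events: list[dict]) -> list[dict]:
    """Flag lookups of C2 hostnames, then connections to the IPs they resolved to."""
    alerts: list[dict] = []
    resolved: dict[str, str] = {}  # resolved IP -> C2 hostname
    for ev in dns_events:
        host = _norm_host(ev["query"])
        if host not in index:
            continue
        alerts.append({"kind": "dns_lookup", "ts": ev["ts"], "src": ev["src"], "host": host})
        for ip in ev["answers"]:
            resolved[ip] = host
    for ev in conn_events:
        host = resolved.get(ev["dst"])
        if host is None:
            continue
        # A hit on the listed port is the strongest signal; the same IP on another
        # port is still worth a look but may be shared hosting or a sinkhole.
        kind = "c2_connect" if ev["dport"] in index[host] else "c2_ip_other_port"
        alerts.append({"kind": kind, "ts": ev["ts"], "src": ev["src"], "host": host,
                       "dst": ev["dst"], "dport": ev["dport"]})
    return sorted(alerts, key=lambda a: a["ts"])


def suricata_dns_rules(index: dict[str, set[int]], sid_base: int = 9000001) -> list[str]:
    """One Suricata dns.query rule per C2 hostname (sid_base is an assumed local range)."""
    return [
        f'alert dns any any -> any any (msg:"Mylobot C2 DNS lookup {host}"; '
        f'dns.query; content:"{host}"; nocase; endswith; sid:{sid_base + n}; rev:1;)'
        for n, host in enumerate(sorted(index))
    ]


if __name__ == "__main__":
    c2 = parse_c2(MYLOBOT_C2)
    for alert in hunt(c2, DNS_EVENTS, CONN_EVENTS):
        print(alert)
    print("\n".join(suricata_dns_rules(c2)))
```

Matching on hostname alone (the DNS step) is the durable indicator; the resolved IPs and the sample logs here are constructed, so replace them with your own resolver and flow logs before relying on the port-level alerts.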

Targets

    • Target

      58203.bin

    • Size

      176KB

    • MD5

      c5307c17eeda787432f82f1d648a368c

    • SHA1

      2a6b0f3a422a49e450cc39354fd687084c8a209e

    • SHA256

      f4ba5e8f98fe70d764df71b7c390237b90ed0fc3408579a15a06ee56008a3531

    • SHA512

      ce0e25440c4af26ed62868620607c2a812e426c3053cdf5d91c2734cdf26526ce55f6bbf4989d96309c0569808f22cf4b6159db1ed9bb415ca2903eede5bb495

    • SSDEEP

      3072:Df5M0zA8NTyQXMyVAyzPt+irbu5xYWLFQ3aC6ulgkNS82avsM:3AgeQcaJrFWxm6ulgWS82ZM

    • Mylobot

      Botnet, first seen in 2017, written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
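The three behavioural signatures "Executes dropped EXE", "Loads dropped DLL" and "Adds Run key to start application" are cheap to check for on an endpoint if file-create, process-create and registry-set events are available. The following Python is an added example, not part of the report or of the sandbox's own signature logic: it correlates constructed Sysmon-style records (event ID 11 FileCreate, 1 ProcessCreate and 13 RegistryEvent SetValue) to flag a file that was written and then executed, and a Run or RunOnce value that points at such a file. The file paths, SIDs, key names and timestamps are invented for the example; the report does not state what the sample dropped or which Run value it wrote.

```python
"""Correlate dropped-then-executed files with Run key persistence from Sysmon-style events."""
from __future__ import annotations
import re

# Run / RunOnce under either hive; Sysmon writes TargetObject with backslashes.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Locations an unprivileged process can write to; a Run value pointing here is suspicious on its own.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

# Constructed events for the example (not from the report). Field names follow Sysmon:
# 11 = FileCreate, 1 = ProcessCreate, 13 = RegistryEvent (SetValue).
EVENTS = [
    {"id": 11, "ts": 10.0, "Image": "C:\\Users\\u\\Desktop\\sample.exe",
     "TargetFilename": "C:\\Users\\u\\AppData\\Roaming\\xyz\\svchost.exe"},
    {"id": 1, "ts": 10.2, "Image": "C:\\Users\\u\\AppData\\Roaming\\xyz\\svchost.exe",
     "ParentImage": "C:\\Users\\u\\Desktop\\sample.exe"},
    {"id": 13, "ts": 10.3, "Image": "C:\\Users\\u\\AppData\\Roaming\\xyz\\svchost.exe", "EventType": "SetValue",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\xyz",
     "Details": "\"C:\\Users\\u\\AppData\\Roaming\\xyz\\svchost.exe\""},
    {"id": 1, "ts": 11.0, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"id": 13, "ts": 12.0, "Image": "C:\\Program Files\\Vendor\\setup.exe", "EventType": "SetValue",
     "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Vendor",
     "Details": "\"C:\\Program Files\\Vendor\\agent.exe\""},
]


def norm(path: str) -> str:
    """Lower-case and strip surrounding quotes so the same path compares equal across fields."""
    return path.strip().strip('"').lower()


def find_dropped_and_executed(events: list[dict]) -> list[dict]:
    """Files created by one process (EID 11) and later run as a process image (EID 1)."""
    created: dict[str, tuple[float, str]] = {}  # normalized path -> (ts, dropper image)
    hits: list[dict] = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["id"] == 11:
            created[norm(ev["TargetFilename"])] = (ev["ts"], ev["Image"])
        elif ev["id"] == 1 and norm(ev["Image"]) in created:
            drop_ts, dropper = created[norm(ev["Image"])]
            hits.append({"path": ev["Image"], "dropped_by": dropper,
                         "dropped_ts": drop_ts, "exec_ts": ev["ts"]})
    return hits


def find_run_key_persistence(events: list[dict]) -> list[dict]:
    """Run/RunOnce values being set (EID 13), marking those that point into user-writable paths."""
    hits: list[dict] = []
    for ev in events:
        if ev["id"] != 13 or ev.get("EventType") != "SetValue":
            continue
        if not RUN_KEY_RE.search(ev["TargetObject"]):
            continue
        value = norm(ev["Details"])  # may include arguments after the executable path
        hits.append({"key": ev["TargetObject"], "value": ev["Details"], "writer": ev["Image"],
                     "ts": ev["ts"], "user_writable": bool(USER_WRITABLE_RE.search(value))})
    return hits


def correlate(events: list[dict]) -> list[dict]:
    """High: Run value targets a dropped-and-executed file. Medium: Run value in a user-writable dir."""
    dropped = {norm(h["path"]): h for h in find_dropped_and_executed(events)}
    findings: list[dict] = []
    for run in find_run_key_persistence(events):
        target = norm(run["value"])
        if target in dropped:
            findings.append({"severity": "high", "key": run["key"], "path": dropped[target]["path"],
                             "reason": "dropped-and-executed binary registered under a Run key"})
        elif run["user_writable"]:
            findings.append({"severity": "medium", "key": run["key"], "path": run["value"],
                             "reason": "Run key points into a user-writable location"})
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

The vendor installer in the constructed data writes a Run value too, which is why the persistence check alone is only a medium signal; tying the Run value back to a file the same chain dropped and executed is what separates this from routine software installs.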

MITRE ATT&CK Enterprise v6

Tasks