mylobot | 9f930b106c1d1ddcb832a86e14c0474d3d2e6c22b0d3408fccfa8347d7f4e7c4 | Triage

Sharing

General

Target

9f930b106c1d1ddcb832a86e14c0474d3d2e6c22b0d3408fccfa8347d7f4e7c4.bin.sample
Size

176KB
Sample

230809-ntw52scf2s
MD5

3d95d71bd59673c0cfc11a4c4e83b2a5
SHA1

5a2974fdd6efe7522a7fd2e09a9b3bfe8aaf9c6d
SHA256

9f930b106c1d1ddcb832a86e14c0474d3d2e6c22b0d3408fccfa8347d7f4e7c4
SHA512

1ba9be0ab2a3ff1fa56b961577d0aa09f479239504dfd56dca06fe61bf3c2b97c83bd92723a946b7b36b537ad7c65f8262d99c0c3f45034611cea173892f29ef
SSDEEP

3072:6Y54PMbcuRKw6hglBd8MySlpNBb3MTccUvY/pBRvCnZ4oH+Y+rm4f5B5dL5T/Qef:eq+qlBdP7NN8TccZanTz+C4hfJ5T/jHR

Score

10^/10

mylobot botnet persistence

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:7432

zdrussle.ru:2173

pseyumd.ru:5492

stydodo.ru:2619

tqzknrx.com:1123

mdcqrxw.com:4984

tpwtgyw.com:9631

cnoyucn.com:9426

qhloury.com:4759

fnjxpwy.com:3863

csxpzlz.com:5778

wlkjopy.com:8778

mynfwwk.com:8427

uuitwxg.com:6656

agnxomu.com:8881

wcagsib.com:3547

fmniltb.com:9582

oapwxiu.com:3922

petrrry.com:7531

poubauo.com:4623

Targets

- Target
  
  9f930b106c1d1ddcb832a86e14c0474d3d2e6c22b0d3408fccfa8347d7f4e7c4.bin.sample
- Size
  
  176KB
- MD5
  
  3d95d71bd59673c0cfc11a4c4e83b2a5
- SHA1
  
  5a2974fdd6efe7522a7fd2e09a9b3bfe8aaf9c6d
- SHA256
  
  9f930b106c1d1ddcb832a86e14c0474d3d2e6c22b0d3408fccfa8347d7f4e7c4
- SHA512
  
  1ba9be0ab2a3ff1fa56b961577d0aa09f479239504dfd56dca06fe61bf3c2b97c83bd92723a946b7b36b537ad7c65f8262d99c0c3f45034611cea173892f29ef
- SSDEEP
  
  3072:6Y54PMbcuRKw6hglBd8MySlpNBb3MTccUvY/pBRvCnZ4oH+Y+rm4f5B5dL5T/Qef:eq+qlBdP7NN8TccZanTz+C4hfJ5T/jHR
Score

10^/10

mylobot botnet persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetpersistence