mylobot | a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560 | Triage

Sharing

General

Target

a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560
Size

36KB
Sample

230814-vlqfvsdg94
MD5

5f2aff67459bfdb75f1dd51f3a2b380f
SHA1

9939563ac43b09fbcca6ca32630084df55e07746
SHA256

a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560
SHA512

6e2acb78db850ba82b0e37f4d70196c908316b28f6bda565ae086292b48bab513860fffc2f1970fbf1575c6bb0a665b09d96733833c5f2cec18c0deac96345c4
SSDEEP

768:zOEMiDQsGijtlhlgJTRDrfYLfGPwbuUT:aRV2t/S7Dr0yUT

Score

10^/10

mylobot botnet persistence

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:6391

zdrussle.ru:4507

pseyumd.ru:8597

stydodo.ru:7094

wasyellowindexhotel.ru:7393

fywkuzp.ru:6401

rxzyglt.ru:1973

qhrywlc.ru:8926

fgqjwdl.ru:3485

qwwzlam.ru:5576

dqoudex.ru:7396

ssopuyk.ru:3367

gqlgpob.ru:8977

yboqlxs.ru:9336

qmwekpe.ru:1343

pyjhhpx.ru:6769

qyccsug.ru:4256

nrxboty.ru:3757

reczrhm.ru:2587

uzpadrm.ru:4254

Targets

- Target
  
  a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560
- Size
  
  36KB
- MD5
  
  5f2aff67459bfdb75f1dd51f3a2b380f
- SHA1
  
  9939563ac43b09fbcca6ca32630084df55e07746
- SHA256
  
  a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560
- SHA512
  
  6e2acb78db850ba82b0e37f4d70196c908316b28f6bda565ae086292b48bab513860fffc2f1970fbf1575c6bb0a665b09d96733833c5f2cec18c0deac96345c4
- SSDEEP
  
  768:zOEMiDQsGijtlhlgJTRDrfYLfGPwbuUT:aRV2t/S7Dr0yUT
Score

10^/10

mylobot botnet persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetpersistence