General
-
Target
89.txt
-
Size
99KB
-
Sample
231103-hwdtlafg36
-
MD5
1c7d452b31799bbf28304c6f2bb2ea1c
-
SHA1
f0ea9f27d14b23766ce5973efd8c8b058dceadc0
-
SHA256
8de25c6a553a6ae02a3e18e247dfd3f68d78612155382a9f2e2070691348829d
-
SHA512
d7d240b9be5f71daaf0ce73e1e00ccafc23bf760349cb5a178e3b892bb83fa2712eba379e082e4b971ba45905c196996db6ea63f6468733eb33050b8a94e750d
-
SSDEEP
1536:lAF8fGC3JwZu/qvxcOH3hQjlGcEAVqU2Tl6xnEU6Kpb6KEe+QXzX264LP6:i6uC3GZmUZHxhohEMEUj6m+ezmRz6
Malware Config
Extracted
mylobot
fywkuzp.ru:7432
zdrussle.ru:2173
pseyumd.ru:5492
stydodo.ru:2619
tqzknrx.com:1123
mdcqrxw.com:4984
tpwtgyw.com:9631
cnoyucn.com:9426
qhloury.com:4759
fnjxpwy.com:3863
csxpzlz.com:5778
wlkjopy.com:8778
mynfwwk.com:8427
uuitwxg.com:6656
agnxomu.com:8881
wcagsib.com:3547
fmniltb.com:9582
oapwxiu.com:3922
petrrry.com:7531
poubauo.com:4623
Targets
-
-
Target
89.txt
-
Size
99KB
-
MD5
1c7d452b31799bbf28304c6f2bb2ea1c
-
SHA1
f0ea9f27d14b23766ce5973efd8c8b058dceadc0
-
SHA256
8de25c6a553a6ae02a3e18e247dfd3f68d78612155382a9f2e2070691348829d
-
SHA512
d7d240b9be5f71daaf0ce73e1e00ccafc23bf760349cb5a178e3b892bb83fa2712eba379e082e4b971ba45905c196996db6ea63f6468733eb33050b8a94e750d
-
SSDEEP
1536:lAF8fGC3JwZu/qvxcOH3hQjlGcEAVqU2Tl6xnEU6Kpb6KEe+QXzX264LP6:i6uC3GZmUZHxhohEMEUj6m+ezmRz6
Score10/10-
Mylobot
Botnet which first appeared in 2017 written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-