mylobot | d082e3fad40563c0f90565610682c03e2e94cce54c116eb4621f1bc6ea445151 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

257766cf1393b30ebea91d02717dbc95_JaffaCakes118
Size

176KB
Sample

240508-sralgsdb52
MD5

257766cf1393b30ebea91d02717dbc95
SHA1

0ca85cb5f3af52dfb97362380126fb717622e68f
SHA256

d082e3fad40563c0f90565610682c03e2e94cce54c116eb4621f1bc6ea445151
SHA512

e79296a62cf41d0b8edc1400808f631d71b81079a6048f9df454e9601fceb5e632281e4e81333c6eda6806be78e5ec15e14ce15dcc615ed9a1053c88f5ffbb8b
SSDEEP

3072:+f5tsYvQn51EWxs/qJyfDz6WZuzbruZ9dgX:hWePtyywuTuk

Score

10^/10

mylobot botnet persistence

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:7432

zdrussle.ru:2173

pseyumd.ru:5492

stydodo.ru:2619

tqzknrx.com:1123

mdcqrxw.com:4984

tpwtgyw.com:9631

cnoyucn.com:9426

qhloury.com:4759

fnjxpwy.com:3863

csxpzlz.com:5778

wlkjopy.com:8778

mynfwwk.com:8427

uuitwxg.com:6656

agnxomu.com:8881

wcagsib.com:3547

fmniltb.com:9582

oapwxiu.com:3922

petrrry.com:7531

poubauo.com:4623

Targets

- Target
  
  257766cf1393b30ebea91d02717dbc95_JaffaCakes118
- Size
  
  176KB
- MD5
  
  257766cf1393b30ebea91d02717dbc95
- SHA1
  
  0ca85cb5f3af52dfb97362380126fb717622e68f
- SHA256
  
  d082e3fad40563c0f90565610682c03e2e94cce54c116eb4621f1bc6ea445151
- SHA512
  
  e79296a62cf41d0b8edc1400808f631d71b81079a6048f9df454e9601fceb5e632281e4e81333c6eda6806be78e5ec15e14ce15dcc615ed9a1053c88f5ffbb8b
- SSDEEP
  
  3072:+f5tsYvQn51EWxs/qJyfDz6WZuzbruZ9dgX:hWePtyywuTuk
Score

10^/10

mylobot botnet persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetpersistence

behavioral2

mylobotbotnetpersistence