Overview

overview

5

Static

static

5

MyBot-MBR_...es.vbs

windows7-x64

1

MyBot-MBR_...es.vbs

windows10-2004-x64

1

MyBot-MBR_...es.ps1

windows7-x64

3

MyBot-MBR_...es.ps1

windows10-2004-x64

3

MyBot-MBR_...ol.ps1

windows7-x64

3

MyBot-MBR_...ol.ps1

windows10-2004-x64

3

MyBot-MBR_...ni.ps1

windows7-x64

3

MyBot-MBR_...ni.ps1

windows10-2004-x64

3

MyBot-MBR_...gn.ps1

windows7-x64

3

MyBot-MBR_...gn.ps1

windows10-2004-x64

3

MyBot-MBR_...es.vbs

windows7-x64

1

MyBot-MBR_...es.vbs

windows10-2004-x64

1

MyBot-MBR_...id.ps1

windows7-x64

3

MyBot-MBR_...id.ps1

windows10-2004-x64

3

MyBot-MBR_...ks.ps1

windows7-x64

3

MyBot-MBR_...ks.ps1

windows10-2004-x64

3

MyBot-MBR_...4X.ps1

windows7-x64

3

MyBot-MBR_...4X.ps1

windows10-2004-x64

3

MyBot-MBR_...ed.ps1

windows7-x64

3

MyBot-MBR_...ed.ps1

windows10-2004-x64

3

MyBot-MBR_...mu.ps1

windows7-x64

3

MyBot-MBR_...mu.ps1

windows10-2004-x64

3

MyBot-MBR_...ox.ps1

windows7-x64

3

MyBot-MBR_...ox.ps1

windows10-2004-x64

3

MyBot-MBR_...ls.vbs

windows7-x64

1

MyBot-MBR_...ls.vbs

windows10-2004-x64

1

MyBot-MBR_...rs.ps1

windows7-x64

3

MyBot-MBR_...rs.ps1

windows10-2004-x64

3

MyBot-MBR_...ut.ps1

windows7-x64

3

MyBot-MBR_...ut.ps1

windows10-2004-x64

3

MyBot-MBR_...os.ps1

windows7-x64

3

MyBot-MBR_...os.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 08:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MyBot-MBR_v7.5.1/COCBot/functions/Android/AndroidNox.ps1

  • Size

    18KB

  • MD5

    688305d6f49d078de54539cbe2a7bdea

  • SHA1

    f3e2a0bb7f97f139a3e9e3e02ba657c0bdbf533f

  • SHA256

    e56e01b272eb6b650d8c41cf4efd65342a67d51a83e3656197af44c943b906eb

  • SHA512

    2c12b0e78f89c9b1ce81bf079cd3cca8fba5af7457817bdb7ac7b9b259852c2ab80364ba292d117d45f65ec597453c8e78748e16b9fd7d574c676a19c3f4bbac

  • SSDEEP

    192:cAKs9CJ9xOlXPzPGE8Z8ZRZPMglVAnkSveCdTLKoXX9DKHKd5PXFDd0Ke9X4yfFX:kwzA2rCv0qfP0Ky+kJJev55gHNT

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\MyBot-MBR_v7.5.1\COCBot\functions\Android\AndroidNox.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2092-4-0x000000001B610000-0x000000001B8F2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2092-5-0x0000000002250000-0x0000000002258000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2092-6-0x000007FEF55EE000-0x000007FEF55EF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-7-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2092-8-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2092-9-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2092-10-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

    Filesize

    9.6MB

    Download