mylobot | 4a40e321f1517d7118ad54cb037e7d3ec418de3ab2f36c13a4d20280cdab0dc0 | Triage

Sharing

General

Target

6529f11fc4be9c84baa1a44fc5bc0da8_JaffaCakes118
Size

176KB
Sample

240521-3czxyade3z
MD5

6529f11fc4be9c84baa1a44fc5bc0da8
SHA1

7a7486e94505f36b546e11cb24005a0a3876b70e
SHA256

4a40e321f1517d7118ad54cb037e7d3ec418de3ab2f36c13a4d20280cdab0dc0
SHA512

ee2f9a473db5389b021c5dd8b2695622ecf7a8bfb09d71b4c66774768e7e5f4f4ab7fae2ff072bf5929c0a388153d27be62b2bebb637991b3b69b1789628fea0
SSDEEP

3072:/f5BlrPsnRUsO9LWO9s9iXKzgAqIdIFIreeY+o/CEEUiD4Nz7:pcu96O9s9iXKQIKO2EUgS7

Score

10^/10

mylobot botnet persistence

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:7432

zdrussle.ru:2173

pseyumd.ru:5492

stydodo.ru:2619

tqzknrx.com:1123

mdcqrxw.com:4984

tpwtgyw.com:9631

cnoyucn.com:9426

qhloury.com:4759

fnjxpwy.com:3863

csxpzlz.com:5778

wlkjopy.com:8778

mynfwwk.com:8427

uuitwxg.com:6656

agnxomu.com:8881

wcagsib.com:3547

fmniltb.com:9582

oapwxiu.com:3922

petrrry.com:7531

poubauo.com:4623

Targets

- Target
  
  6529f11fc4be9c84baa1a44fc5bc0da8_JaffaCakes118
- Size
  
  176KB
- MD5
  
  6529f11fc4be9c84baa1a44fc5bc0da8
- SHA1
  
  7a7486e94505f36b546e11cb24005a0a3876b70e
- SHA256
  
  4a40e321f1517d7118ad54cb037e7d3ec418de3ab2f36c13a4d20280cdab0dc0
- SHA512
  
  ee2f9a473db5389b021c5dd8b2695622ecf7a8bfb09d71b4c66774768e7e5f4f4ab7fae2ff072bf5929c0a388153d27be62b2bebb637991b3b69b1789628fea0
- SSDEEP
  
  3072:/f5BlrPsnRUsO9LWO9s9iXKzgAqIdIFIreeY+o/CEEUiD4Nz7:pcu96O9s9iXKQIKO2EUgS7
Score

10^/10

mylobot botnet persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetpersistence

behavioral2

mylobotbotnetpersistence