mylobot | 952e2386a91263f53fbf5b388fca239ccfe704972cc85eebf91c7d9d2e3e6c4d | Triage

Sharing

General

Target

75182cf979390ad5baa0ff0fad1025c4_JaffaCakes118
Size

176KB
Sample

240526-lwbwsaec3w
MD5

75182cf979390ad5baa0ff0fad1025c4
SHA1

75daeb8cfb8a800243b27514d084cbc1415a73fc
SHA256

952e2386a91263f53fbf5b388fca239ccfe704972cc85eebf91c7d9d2e3e6c4d
SHA512

0f5aafd507276105b4ce5b5bb6fb0b87ef01db6b1507703974ae337811319d692fb6d74a1fa19670ad755f41b5c38c1d7d12f040d8c0518d9ca2207fcc06af43
SSDEEP

3072:8f5hPu4QtsatBov/wutuH2nN++NCvahI3aVl8Kgjzok1Dqi3SNBXE+:SuxtsatBawutuH2n8WCoTo5Dqi3So+

Score

10^/10

mylobot botnet persistence

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:7432

zdrussle.ru:2173

pseyumd.ru:5492

stydodo.ru:2619

tqzknrx.com:1123

mdcqrxw.com:4984

tpwtgyw.com:9631

cnoyucn.com:9426

qhloury.com:4759

fnjxpwy.com:3863

csxpzlz.com:5778

wlkjopy.com:8778

mynfwwk.com:8427

uuitwxg.com:6656

agnxomu.com:8881

wcagsib.com:3547

fmniltb.com:9582

oapwxiu.com:3922

petrrry.com:7531

poubauo.com:4623

Targets

- Target
  
  75182cf979390ad5baa0ff0fad1025c4_JaffaCakes118
- Size
  
  176KB
- MD5
  
  75182cf979390ad5baa0ff0fad1025c4
- SHA1
  
  75daeb8cfb8a800243b27514d084cbc1415a73fc
- SHA256
  
  952e2386a91263f53fbf5b388fca239ccfe704972cc85eebf91c7d9d2e3e6c4d
- SHA512
  
  0f5aafd507276105b4ce5b5bb6fb0b87ef01db6b1507703974ae337811319d692fb6d74a1fa19670ad755f41b5c38c1d7d12f040d8c0518d9ca2207fcc06af43
- SSDEEP
  
  3072:8f5hPu4QtsatBov/wutuH2nN++NCvahI3aVl8Kgjzok1Dqi3SNBXE+:SuxtsatBawutuH2n8WCoTo5Dqi3So+
Score

10^/10

mylobot botnet persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetpersistence

behavioral2

mylobotbotnetpersistence