mylobot | b02be8ff3c1850ee2457d2148fd98fe13259bdf4221e5e21e5de4cd1e9a1627f | Triage

Sharing

General

Target

7c7564aec9c675ce3d58e29b1965167e_JaffaCakes118
Size

176KB
Sample

240528-laeesaeh83
MD5

7c7564aec9c675ce3d58e29b1965167e
SHA1

b3121e1b12c8b131556d3a034eddb815c0318943
SHA256

b02be8ff3c1850ee2457d2148fd98fe13259bdf4221e5e21e5de4cd1e9a1627f
SHA512

3d275d23a06bad8cfc5cad5f5483669832f71d61cfdf0be324843bf9bfb4b38224bd872f6a3e6902ac8041fab4191c6667b4c707ae30de88fcfdeb81f945a2cb
SSDEEP

3072:5f5s9s6ltBxOFBUI94Pi+7yB4X82DYnNmCdFSERNv:cdtbaf8ij4L2NBLp

Score

10^/10

mylobot botnet persistence

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:7432

zdrussle.ru:2173

pseyumd.ru:5492

stydodo.ru:2619

tqzknrx.com:1123

mdcqrxw.com:4984

tpwtgyw.com:9631

cnoyucn.com:9426

qhloury.com:4759

fnjxpwy.com:3863

csxpzlz.com:5778

wlkjopy.com:8778

mynfwwk.com:8427

uuitwxg.com:6656

agnxomu.com:8881

wcagsib.com:3547

fmniltb.com:9582

oapwxiu.com:3922

petrrry.com:7531

poubauo.com:4623

Targets

- Target
  
  7c7564aec9c675ce3d58e29b1965167e_JaffaCakes118
- Size
  
  176KB
- MD5
  
  7c7564aec9c675ce3d58e29b1965167e
- SHA1
  
  b3121e1b12c8b131556d3a034eddb815c0318943
- SHA256
  
  b02be8ff3c1850ee2457d2148fd98fe13259bdf4221e5e21e5de4cd1e9a1627f
- SHA512
  
  3d275d23a06bad8cfc5cad5f5483669832f71d61cfdf0be324843bf9bfb4b38224bd872f6a3e6902ac8041fab4191c6667b4c707ae30de88fcfdeb81f945a2cb
- SSDEEP
  
  3072:5f5s9s6ltBxOFBUI94Pi+7yB4X82DYnNmCdFSERNv:cdtbaf8ij4L2NBLp
Score

10^/10

mylobot botnet persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetpersistence

behavioral2

mylobotbotnetpersistence