mylobot | 806306bff670183f1ec20e3fbcdd5939338794b23041e6d9ee04d2c62b565a0b | Triage

Sharing

General

Target

95d039b20ea43a21c68f3050ee2d904c_JaffaCakes118
Size

176KB
Sample

240604-wvqzesff69
MD5

95d039b20ea43a21c68f3050ee2d904c
SHA1

3bcb67e9d0cef6fb266ef54629551e6de901d911
SHA256

806306bff670183f1ec20e3fbcdd5939338794b23041e6d9ee04d2c62b565a0b
SHA512

0ef289f8dff16acb940eda75a1fe6bcc2145e5bd4c51bd4c7adbe004a74e29cff462a52a6d9c52c94d1d125dc72db40a1fada714d2239c5eaeb3322dd57b863f
SSDEEP

3072:Cf5Y9lz9G/9tvv6kAHjwMM50Yfmo4uZrTvkYCrfKAuIwF9bxHSE1du:95s/fv6kXH50Yf7xrTvkYCr8rh7ju

Score

10^/10

mylobot botnet persistence

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:7432

zdrussle.ru:2173

pseyumd.ru:5492

stydodo.ru:2619

tqzknrx.com:1123

mdcqrxw.com:4984

tpwtgyw.com:9631

cnoyucn.com:9426

qhloury.com:4759

fnjxpwy.com:3863

csxpzlz.com:5778

wlkjopy.com:8778

mynfwwk.com:8427

uuitwxg.com:6656

agnxomu.com:8881

wcagsib.com:3547

fmniltb.com:9582

oapwxiu.com:3922

petrrry.com:7531

poubauo.com:4623

Targets

- Target
  
  95d039b20ea43a21c68f3050ee2d904c_JaffaCakes118
- Size
  
  176KB
- MD5
  
  95d039b20ea43a21c68f3050ee2d904c
- SHA1
  
  3bcb67e9d0cef6fb266ef54629551e6de901d911
- SHA256
  
  806306bff670183f1ec20e3fbcdd5939338794b23041e6d9ee04d2c62b565a0b
- SHA512
  
  0ef289f8dff16acb940eda75a1fe6bcc2145e5bd4c51bd4c7adbe004a74e29cff462a52a6d9c52c94d1d125dc72db40a1fada714d2239c5eaeb3322dd57b863f
- SSDEEP
  
  3072:Cf5Y9lz9G/9tvv6kAHjwMM50Yfmo4uZrTvkYCrfKAuIwF9bxHSE1du:95s/fv6kXH50Yf7xrTvkYCr8rh7ju
Score

10^/10

mylobot botnet persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetpersistence

behavioral2

mylobotbotnetpersistence