mylobot | 325493202601e5f9c362eb916422f8d6dfa367339b4801c62eef6ba8ac972838 | Triage

Sharing

General

Target

ex.gif
Size

367KB
Sample

240808-3tqqlaweqd
MD5

01a6a316bacd726134bdec900b2511c5
SHA1

4d66a5cd128cb21b48d2d8acc5c5b3fb6343373b
SHA256

325493202601e5f9c362eb916422f8d6dfa367339b4801c62eef6ba8ac972838
SHA512

13f742691f953f1d6df20cf3188cc706e30691603d09ec7bc1882c028dfedfb2df3d5dde0363c93e5f92be1b664a3763f226ef6ece0b35d196b2db20bf491804
SSDEEP

6144:5TeWTE1rkt826L4xd1EiftWt6empEVZlVISrt5AuK+FkkvECKCJdQWo2:5TbTE1rkt826L4xd1EiEt6empQ+uK+uQ

Score

10^/10

mylobot botnet discovery persistence

Malware Config

Extracted

Family

mylobot

C2

onthestage.ru:6521

krebson.ru:4685

stanislasarnoud.ru:5739

Targets

- Target
  
  ex.gif
- Size
  
  367KB
- MD5
  
  01a6a316bacd726134bdec900b2511c5
- SHA1
  
  4d66a5cd128cb21b48d2d8acc5c5b3fb6343373b
- SHA256
  
  325493202601e5f9c362eb916422f8d6dfa367339b4801c62eef6ba8ac972838
- SHA512
  
  13f742691f953f1d6df20cf3188cc706e30691603d09ec7bc1882c028dfedfb2df3d5dde0363c93e5f92be1b664a3763f226ef6ece0b35d196b2db20bf491804
- SSDEEP
  
  6144:5TeWTE1rkt826L4xd1EiftWt6empEVZlVISrt5AuK+FkkvECKCJdQWo2:5TbTE1rkt826L4xd1EiEt6empQ+uK+uQ
Score

10^/10

mylobot botnet discovery persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetdiscoverypersistence