Overview

overview

10

Static

static

3

nex.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nex.gif

  • Size

    367KB

  • Sample

    240901-3wzraaweke

  • MD5

    5111c960148d9847a4b4fb25f0b6f1e6

  • SHA1

    21c954d9ec208c169630983970f6a59cbe25ab2e

  • SHA256

    598857ebe87e67db25ccf5a543cd553b77fe4be93e9808e236f90068432788a8

  • SHA512

    e86cd82864f2daa6dbbed8d13f9cbe4c27dacfcd74fcaea43bd1e0c6dc2aaacfe96c1659513b9f4cfd5f7a7b6cf380db7441f5f491b3ef5d17e32e0aa38afab5

  • SSDEEP

    6144:kfeWTE1rkt826L4xd1EiftWt6empEVZlVISrt5AuK+Fwk4/lqIN9P8GzgUy:kfbTE1rkt826L4xd1EiEt6empQ+uK+a4

Score
10/10
mylobotbotnetdiscoverypersistence

Malware Config

Extracted

Family

mylobot

C2

onthestage.ru:6521

krebson.ru:4685

stanislasarnoud.ru:5739

Targets

    • Target

      nex.gif

    • Size

      367KB

    • MD5

      5111c960148d9847a4b4fb25f0b6f1e6

    • SHA1

      21c954d9ec208c169630983970f6a59cbe25ab2e

    • SHA256

      598857ebe87e67db25ccf5a543cd553b77fe4be93e9808e236f90068432788a8

    • SHA512

      e86cd82864f2daa6dbbed8d13f9cbe4c27dacfcd74fcaea43bd1e0c6dc2aaacfe96c1659513b9f4cfd5f7a7b6cf380db7441f5f491b3ef5d17e32e0aa38afab5

    • SSDEEP

      6144:kfeWTE1rkt826L4xd1EiftWt6empEVZlVISrt5AuK+Fwk4/lqIN9P8GzgUy:kfbTE1rkt826L4xd1EiEt6empQ+uK+a4

    Score
    10/10
    mylobotbotnetdiscoverypersistence

    • Mylobot

      Botnet which first appeared in 2017 written in C++.

      botnetmylobot

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks