mylobot | af54c0dfe1e9bdc7a64051aeff14ee70a8b8371c5374f11beef28cf77a75cd71 | Triage

Sharing

General

Target

db985413812a7508f56a537e7fcf92dd_JaffaCakes118
Size

176KB
Sample

240912-b4wk2svcjm
MD5

db985413812a7508f56a537e7fcf92dd
SHA1

ab65292060648492ac81a9a705565b202e53a77e
SHA256

af54c0dfe1e9bdc7a64051aeff14ee70a8b8371c5374f11beef28cf77a75cd71
SHA512

f063fbf0fed8be062f4077ba9d65fa23fcf17b90e4a62862cce648069dc93a827fa48d533196674940134a01f2c4bf1a912f0c7f1433a31b8022948db2f762ea
SSDEEP

3072:Of5o95zR6N78SuYjKIqUBZCXVYYlfAxTMYhflqA0J4:rzRSASupUB82TDhNB

Score

10^/10

mylobot botnet discovery persistence

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:7432

zdrussle.ru:2173

pseyumd.ru:5492

stydodo.ru:2619

tqzknrx.com:1123

mdcqrxw.com:4984

tpwtgyw.com:9631

cnoyucn.com:9426

qhloury.com:4759

fnjxpwy.com:3863

csxpzlz.com:5778

wlkjopy.com:8778

mynfwwk.com:8427

uuitwxg.com:6656

agnxomu.com:8881

wcagsib.com:3547

fmniltb.com:9582

oapwxiu.com:3922

petrrry.com:7531

poubauo.com:4623

Targets

- Target
  
  db985413812a7508f56a537e7fcf92dd_JaffaCakes118
- Size
  
  176KB
- MD5
  
  db985413812a7508f56a537e7fcf92dd
- SHA1
  
  ab65292060648492ac81a9a705565b202e53a77e
- SHA256
  
  af54c0dfe1e9bdc7a64051aeff14ee70a8b8371c5374f11beef28cf77a75cd71
- SHA512
  
  f063fbf0fed8be062f4077ba9d65fa23fcf17b90e4a62862cce648069dc93a827fa48d533196674940134a01f2c4bf1a912f0c7f1433a31b8022948db2f762ea
- SSDEEP
  
  3072:Of5o95zR6N78SuYjKIqUBZCXVYYlfAxTMYhflqA0J4:rzRSASupUB82TDhNB
Score

10^/10

mylobot botnet discovery persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetdiscoverypersistence

behavioral2

mylobotbotnetdiscoverypersistence