General

  • Target

    ed6420bff14612e2dd4e58d4864f4da4_JaffaCakes118

  • Size

    176KB

  • Sample

    240920-mglm4s1gma

  • MD5

    ed6420bff14612e2dd4e58d4864f4da4

  • SHA1

    ef117478fdd6e77316f953b4a1c4ef4393d3982d

  • SHA256

    938eae88d9dfc34c1f6fcdd08371f1af25882f9d34823251888a31ce517fbaf2

  • SHA512

    3842b188da8c53c67d48980dc6d511c44e5c960b4e689269cbf9a811ec18dbcc911b033bcced1403b87d3bee2ee6e7aba578da1e5a115a780dc36f3f6e99b28e

  • SSDEEP

    3072:5f5bPc/rVdJUEFwPXLdSK9fshmHHt+bsmXO:zPcDVAEFepSVQt+oL

Malware Config

Extracted

Family

mylobot

C2


Targets


    • Mylobot

      A botnet written in C++ that first appeared in 2017.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
