mylobot | 938eae88d9dfc34c1f6fcdd08371f1af25882f9d34823251888a31ce517fbaf2 | Triage

Sharing

General

Target

ed6420bff14612e2dd4e58d4864f4da4_JaffaCakes118
Size

176KB
Sample

240920-mglm4s1gma
MD5

ed6420bff14612e2dd4e58d4864f4da4
SHA1

ef117478fdd6e77316f953b4a1c4ef4393d3982d
SHA256

938eae88d9dfc34c1f6fcdd08371f1af25882f9d34823251888a31ce517fbaf2
SHA512

3842b188da8c53c67d48980dc6d511c44e5c960b4e689269cbf9a811ec18dbcc911b033bcced1403b87d3bee2ee6e7aba578da1e5a115a780dc36f3f6e99b28e
SSDEEP

3072:5f5bPc/rVdJUEFwPXLdSK9fshmHHt+bsmXO:zPcDVAEFepSVQt+oL

Score

10^/10

mylobot botnet discovery persistence

Malware Config

Extracted

Family

mylobot

C2

fywkuzp.ru:7432

zdrussle.ru:2173

pseyumd.ru:5492

stydodo.ru:2619

tqzknrx.com:1123

mdcqrxw.com:4984

tpwtgyw.com:9631

cnoyucn.com:9426

qhloury.com:4759

fnjxpwy.com:3863

csxpzlz.com:5778

wlkjopy.com:8778

mynfwwk.com:8427

uuitwxg.com:6656

agnxomu.com:8881

wcagsib.com:3547

fmniltb.com:9582

oapwxiu.com:3922

petrrry.com:7531

poubauo.com:4623

Targets

- Target
  
  ed6420bff14612e2dd4e58d4864f4da4_JaffaCakes118
- Size
  
  176KB
- MD5
  
  ed6420bff14612e2dd4e58d4864f4da4
- SHA1
  
  ef117478fdd6e77316f953b4a1c4ef4393d3982d
- SHA256
  
  938eae88d9dfc34c1f6fcdd08371f1af25882f9d34823251888a31ce517fbaf2
- SHA512
  
  3842b188da8c53c67d48980dc6d511c44e5c960b4e689269cbf9a811ec18dbcc911b033bcced1403b87d3bee2ee6e7aba578da1e5a115a780dc36f3f6e99b28e
- SSDEEP
  
  3072:5f5bPc/rVdJUEFwPXLdSK9fshmHHt+bsmXO:zPcDVAEFepSVQt+oL
Score

10^/10

mylobot botnet discovery persistence
- Mylobot
  Botnet which first appeared in 2017 written in C++.
  botnet mylobot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mylobotbotnetdiscoverypersistence

behavioral2

mylobotbotnetdiscoverypersistence