General
-
Target
nex.gif
-
Size
367KB
-
Sample
240921-eb317stdje
-
MD5
5111c960148d9847a4b4fb25f0b6f1e6
-
SHA1
21c954d9ec208c169630983970f6a59cbe25ab2e
-
SHA256
598857ebe87e67db25ccf5a543cd553b77fe4be93e9808e236f90068432788a8
-
SHA512
e86cd82864f2daa6dbbed8d13f9cbe4c27dacfcd74fcaea43bd1e0c6dc2aaacfe96c1659513b9f4cfd5f7a7b6cf380db7441f5f491b3ef5d17e32e0aa38afab5
-
SSDEEP
6144:kfeWTE1rkt826L4xd1EiftWt6empEVZlVISrt5AuK+Fwk4/lqIN9P8GzgUy:kfbTE1rkt826L4xd1EiEt6empQ+uK+a4
Static task
static1
Behavioral task
behavioral1
Sample
nex.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
nex.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
mylobot
onthestage.ru:6521
krebson.ru:4685
stanislasarnoud.ru:5739
Targets
-
-
Target
nex.gif
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-