Extracted

• • Target

    6180b3da99cd93c2166f7bb9a893d3ba3eef3dbe9ddd136e880d732cd7cc80d6N

  • Size

    367KB

  • MD5

    3a9599a7c8254282d0634d446b8df8b0

  • SHA1

    db3c5b6812b172b6c678693b4bfbcad030472043

  • SHA256

    6180b3da99cd93c2166f7bb9a893d3ba3eef3dbe9ddd136e880d732cd7cc80d6

  • SHA512

    3959021f6ef4b68a4ca49f9bc6411d6af16e4273fb73b872633e13982a348e4944f0f5f9b5c95e83c68a69add4fa902a2af2e34ba8d238211efa6bb36fc10789

  • SSDEEP

    6144:S1eWTE1rkt826L4xd1EiftWt6empEVZlVISrt5AuK+FAk+7vtTuQrdlmTqtWx:S1bTE1rkt826L4xd1EiEt6empQ+uK++w

  Score

  10^/10

  mylobotbotnetdiscoverypersistence

  • Mylobot

    Botnet which first appeared in 2017 written in C++.

    botnetmylobot

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2