General

  • Target

    1.exe

  • Size

    1.1MB

  • Sample

    250324-t7lt5awnx2

  • MD5

    9e894f9f5fb995c45c026405c38cbbfe

  • SHA1

    43814153b994f5fa0f0436f7acde3a4a8767ad7c

  • SHA256

    9908f44de0b732bb4a8eef3e668f7869262f2817eb52c8f99c2b8a3cc9880fac

  • SHA512

    b8b66da6a85449e4e98c10781fef5b97b672e8543ebe4b1e0873056bf08c4ddfda166b8cf6e93485936a9177516c5d58d0f1d551d941dc41f277ccdb985bf57b

  • SSDEEP

    24576:wQ818EiYTmp7kHizJyhZApJXNkNSvnTVUuJLinlyK5AFiogOj0SC3b:8Tmp7p6yd1vnteFL80Pb

Malware Config

Extracted

Family

mylobot

C2

pqrqtaz.ru:9879

pickcas.ru:6464

quwkbin.ru:3496

rkbupij.ru:6653

pcqmayq.ru:3629

mmuliwe.ru:3541

stoizji.ru:5189

sfdfrhh.ru:3511

ynciazz.ru:4127

mkglhnw.ru:1946

njeeili.ru:9987

dldzeoo.ru:7525

tkbiqjq.ru:5145

uenosbl.ru:2935

faayshc.ru:9865

nttfazc.ru:6761

nfwsyog.ru:7172

uyfusxm.ru:7372

hxkclwx.ru:1294

zgoysam.ru:2338
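The twenty host:port pairs above are the most actionable output of this report. The following is an added example (not part of the sandbox report and not Mylobot code) that loads that C2 list and checks two kinds of log against it: a resolver query log, which carries no port, and a proxy log that records the destination host and port. Both log samples are constructed for the demonstration; the domain list is copied from the report. Matching is done on the domain and any subdomain, and a connection to a listed domain on a port that is not in the extracted config is still reported, flagged as a port mismatch, because the domain is the stronger indicator and the port only tells the analyst whether the traffic matches this config or a possible later one.

```python
"""Check DNS and proxy logs against the Mylobot C2 list from this report.

Added example; not part of the sandbox report. The C2 endpoints are the
report's own; the log lines below are constructed for the demonstration.
"""
import re
from collections import defaultdict

# host:port pairs exactly as listed under "Malware Config" / "C2" above.
MYLOBOT_C2 = """
pqrqtaz.ru:9879 pickcas.ru:6464 quwkbin.ru:3496 rkbupij.ru:6653
pcqmayq.ru:3629 mmuliwe.ru:3541 stoizji.ru:5189 sfdfrhh.ru:3511
ynciazz.ru:4127 mkglhnw.ru:1946 njeeili.ru:9987 dldzeoo.ru:7525
tkbiqjq.ru:5145 uenosbl.ru:2935 faayshc.ru:9865 nttfazc.ru:6761
nfwsyog.ru:7172 uyfusxm.ru:7372 hxkclwx.ru:1294 zgoysam.ru:2338
"""


def parse_c2(text):
    """Parse whitespace-separated host:port entries into {domain: {ports}}."""
    c2 = defaultdict(set)
    for entry in text.split():
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit() or not (0 < int(port) < 65536):
            raise ValueError(f"malformed C2 entry: {entry!r}")
        c2[host.lower().rstrip(".")].add(int(port))
    return dict(c2)


def c2_domain_for(name, c2):
    """Return the C2 domain that `name` equals or is a subdomain of, else None."""
    name = name.lower().rstrip(".")
    for domain in c2:
        if name == domain or name.endswith("." + domain):
            return domain
    return None


# Constructed sample logs (not from the report): a resolver query log and a
# proxy log that records the destination host:port.
SAMPLE_DNS_LOG = [
    "13:05:11 client=10.0.0.15 query=pickcas.ru type=A",
    "13:05:11 client=10.0.0.15 query=update.microsoft.com type=A",
    "13:05:12 client=10.0.0.15 query=www.zgoysam.ru type=A",
    "13:05:13 client=10.0.0.22 query=pickcas.ru.example.net type=A",
]
SAMPLE_PROXY_LOG = [
    "13:05:12 src=10.0.0.15 dst=pickcas.ru:6464 action=allow",
    "13:05:14 src=10.0.0.15 dst=pickcas.ru:443 action=allow",
    "13:05:15 src=10.0.0.22 dst=example.net:443 action=allow",
]

DNS_RE = re.compile(r"query=(?P<name>\S+)")
PROXY_RE = re.compile(r"dst=(?P<host>[^:\s]+):(?P<port>\d+)")


def match_dns(lines, c2):
    """Return (line_no, queried_name, c2_domain) for each hit in a DNS log."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = DNS_RE.search(line)
        if not m:
            continue
        domain = c2_domain_for(m["name"], c2)
        if domain:
            hits.append((n, m["name"], domain))
    return hits


def match_proxy(lines, c2):
    """Return (line_no, host, port, port_in_config) for each proxy-log hit.

    A C2 domain contacted on a port absent from the extracted config is
    still a hit; the last field records whether the port matched.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = PROXY_RE.search(line)
        if not m:
            continue
        domain = c2_domain_for(m["host"], c2)
        if domain:
            port = int(m["port"])
            hits.append((n, m["host"], port, port in c2[domain]))
    return hits


if __name__ == "__main__":
    c2 = parse_c2(MYLOBOT_C2)
    for hit in match_dns(SAMPLE_DNS_LOG, c2):
        print("DNS hit:", hit)
    for hit in match_proxy(SAMPLE_PROXY_LOG, c2):
        print("proxy hit:", hit)
```

Note the fourth DNS line: `pickcas.ru.example.net` is not reported, because the suffix test requires the C2 domain to be the registrable tail of the name, not merely a substring. If you feed real resolver logs, trailing dots and mixed case are normalised before comparison.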

Targets

    • Target

      1.exe

    • Mylobot

      Botnet, written in C++, that first appeared in 2017.

    • Mylobot family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile contents.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
