General
- Target: rid.gif.sample
- Size: 367KB
- Sample: 250327-r64mfatthx
- MD5: 871e489e879885db39c583b5cd90bc30
- SHA1: 19897738a379bfce7f1a19be11885f2334acadd8
- SHA256: d50f7ead9e1d87a6b2f0812996bc8e4e9b1524b35324b75eeba9616cfc782b91
- SHA512: b3a965841b33c55f0ab6d41a459eeeb66a29fd3b114bc82ccf953d0c459858755c97970152e346e794c2674a9cf9bd219014ecf344f3ce4ee2cfe9a2c4572fd3
- SSDEEP: 6144:aPeWTE1rkt826L4xd1EiftWt6empEVZlVISrt5AuK+FqktodbFQy+:aPbTE1rkt826L4xd1EiEt6empQ+uK+U8
Static task: static1
Behavioral task: behavioral1
- Sample: rid.gif.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: rid.gif.exe
- Resource: win10v2004-20250314-en
Behavioral task: behavioral3
- Sample: rid.gif.exe
- Resource: win10ltsc2021-20250314-en
Behavioral task: behavioral4
- Sample: rid.gif.exe
- Resource: win11-20250313-en
Malware Config
- Extracted: mylobot
  - onthestage.ru:6521
  - krebson.ru:4685
  - stanislasarnoud.ru:5739
Targets
- Target: rid.gif.sample
- Score: 10/10
- Mylobot family
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)