Etek

New Variant – Mylobot Malware

Mylobot is botnet malware, first documented in 2018 and linked to the dark web, that is notable for the sophistication of its evasion techniques. Functionally it is a downloader: once resident on a host it can fetch and run whatever payload its operators choose, whether a crypto-miner, ransomware, a banking Trojan, spyware, or other malware.

STEALTH PROCESSES

  • Anti-VM and anti-sandbox: the malware fingerprints its environment and does not run if it detects a virtual machine or sandbox.
  • Anti-debugging: it changes its behaviour when it detects an attached debugger.
  • Code injection: it injects code into other processes and uses it to stop system processes.
  • Process hollowing (suspended state): it creates a legitimate process in a suspended state, replaces that process's memory with the code it wants to hide, and then resumes it.
  • Delayed execution: it stays dormant for around 14 days before contacting its command-and-control servers, which outlasts the observation window of most sandboxes.

Mylobot 2022

As soon as it is installed, Mylobot disables Windows Defender and the Windows Update service and adds Windows Firewall rules that block ports, so that it can operate without being stopped. It also looks for any other malware already on the host and removes it, so that it is the only attacker on the affected machine.

The damage depends on the payload the operator chooses to deliver: ransomware, activity monitoring, or control of the machine's peripherals to support extortion (the 2022 variant sends sextortion emails), among others.

Indicators of Compromise (IOCs)

SHA-256 hash

f4ba5e8f98fe70d764df71b7c390237b90ed0fc3408579a15a06ee56008a3531
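As an added example that is not part of the original post, the following PowerShell script checks a Windows host for the behaviours described in the Mylobot 2022 section (Defender and Windows Update disabled, firewall block rules added) and scans a few directories for the SHA-256 indicator above. It assumes Windows 10/11 or Windows Server 2016 or later with the Defender and NetSecurity modules present and an elevated shell; the scan directories are a hypothetical choice and should be adjusted to the case.

```powershell
# Added example (not from the original post): triage checks for the Mylobot
# behaviours described above. Run in an elevated PowerShell on the suspect host.
# Assumptions: Windows 10/11 or Server 2016+ with the Defender and NetSecurity
# modules; the scan directories are a hypothetical choice, adjust as needed.

$Findings = [System.Collections.Generic.List[string]]::new()

# 1. Windows Defender: the service should be running and real-time protection on.
$Defender = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $Defender -or $Defender.Status -ne 'Running') {
    $Findings.Add("WinDefend service is not running (status: $($Defender.Status))")
}
try {
    $Mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $Mp.RealTimeProtectionEnabled) { $Findings.Add('Defender real-time protection is disabled') }
    if (-not $Mp.AntivirusEnabled)          { $Findings.Add('Defender antivirus engine is disabled') }
} catch {
    $Findings.Add("Get-MpComputerStatus failed: $($_.Exception.Message)")
}

# 2. Windows Update: wuauserv is trigger-started and often idle, so a Stopped
# status alone is normal; a Disabled start type is the tampering to flag.
$Wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
if (-not $Wu) {
    $Findings.Add('wuauserv (Windows Update) service not found')
} elseif ($Wu.StartType -eq 'Disabled') {
    $Findings.Add('wuauserv (Windows Update) start type is Disabled')
}

# 3. Firewall: list every enabled block rule with its ports. Mylobot adds such
# rules to keep defenders off the host; review any rule you cannot account for.
$BlockRules = Get-NetFirewallRule -Enabled True -Action Block -ErrorAction SilentlyContinue
foreach ($Rule in $BlockRules) {
    $Port = $Rule | Get-NetFirewallPortFilter
    $Findings.Add("Block rule '$($Rule.DisplayName)' dir=$($Rule.Direction) " +
                  "proto=$($Port.Protocol) local=$($Port.LocalPort) remote=$($Port.RemotePort)")
}

# 4. File IOC: hash files under the scan directories and compare against the
# SHA-256 published in the IOC section of this post.
$IocSha256 = 'f4ba5e8f98fe70d764df71b7c390237b90ed0fc3408579a15a06ee56008a3531'
$ScanPaths = @($env:ProgramData, $env:TEMP, $env:APPDATA)   # hypothetical choice
foreach ($Path in $ScanPaths) {
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -lt 50MB } |
        ForEach-Object {
            $Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            if ($Hash -and $Hash.ToLower() -eq $IocSha256) {
                $Findings.Add("IOC hash match: $($_.FullName)")
            }
        }
}

if ($Findings.Count -eq 0) { 'No Mylobot indicators found' } else { $Findings }
```

A hash match is conclusive only for the exact sample in the IOC list; a repacked build of the same variant will not match, so treat the service and firewall findings as the stronger behavioural signal and pivot from any hit to the firewall rules' creation time and the process that created them.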

Attacking Countries

The top 10 countries where attacks originated are Iraq, Iran, Argentina, Russia, Vietnam, China, India, Saudi Arabia, Chile, and Egypt.

Nodes

Use cases*:

  • Suspicious traffic to or from known-malicious IP addresses
  • Access control by geolocation

*To have these detections, the client must have contracted SOC services.

For more information you can consult the following sources associated with the news:

  • https://news.lumen.com/2018-10-29-Satori-botnet-resurfaces-with-new-targets
  • https://tech.hindustantimes.com/tech/news/this-sextortion-malware-is-dangerous-blackmails-with-cryptocurrency-here-s-how-to-avoid-it-71644991832068.html
  • https://thehackernews.com/2022/02/new-mylobot-malware-variant-sends.html