From blog.minerva-labs.com
MyloBot was first detected in 2018 and was one of the most evasive botnets at the time. According to various reports, it incorporated techniques such as:
- Anti-VM techniques
- Anti-sandbox techniques
- Anti-debugging techniques
- Wrapping internal parts with an encrypted resource file
- Code injection
- Process hollowing – a technique in which an attacker creates a new process in a suspended state and later replaces that process’s code with the malicious one in order to remain undetected.
- Reflective EXE – executing EXE files directly from memory, without having them on disk.
- A delay mechanism of 14 days before accessing its command-and-control servers.