MyloBot 2022 – Evasive botnet that just sends extortion emails?

From blog.minerva-labs.com


MyloBot was first detected in 2018 and was one of the most evasive botnets at the time. According to various reports, it incorporated different techniques such as:

  • Anti VM techniques 
  • Anti-sandbox techniques 
  • Anti-debugging techniques 
  • Wrapping internal parts with an encrypted resource file 
  • Code injection 
  • Process hollowing – a technique in which an attacker creates a new process in a suspended state, and later replaces that process’s code with the malicious one in order to remain undetected.
  • Reflective EXE – executing EXE files directly from memory, without having them on disk.
  • A delay mechanism of 14 days before accessing its command-and-control servers.
