
MikuBot – Steals Sensitive Data and Launches Hidden VNC Sessions

MikuBot was discovered by Cyble Research Labs specialists on a cybercrime forum. It is designed to steal sensitive data or to initiate hidden VNC sessions for that purpose. It also allows threat actors to do the following:
– Remote access to the victim’s computer.
– Malware execution independent of third-party applications.


A new malware bot called “MikuBot” has been discovered by Cyble Research Labs specialists on a cybercrime forum. MikuBot is primarily designed to steal sensitive data or to initiate hidden VNC sessions for that purpose. It also allows threat actors to do the following:
– Remotely access the victim’s computer
– Download other malware from the Internet
– Launch other malware

The bot is written in C++ and is designed to run on all versions of the Windows operating system. The malware executes independently of third-party applications and behaves like a standalone application.

The threat actors behind MikuBot also advertise the following:
– Full software support
– New encryption used to avoid detection by anti-virus products

The malware uses the following methods:
– Encrypted strings
– Dynamic API functions
– Unique object names
– Anti-emulation techniques and tricks

For a limited time, the threat actors are selling MikuBot together with its panel at the following prices:
– $1,300 (1.5 months)
– $2,200 (3 months)

Technical analysis

The malicious file contains an encrypted payload in the data section, which is located in the resources section of the malicious file. When the malicious file is executed, it accesses the resources section and retrieves the encrypted payload. The malware then loads the UPX payload into system memory and executes it. Once this code is in memory, the malware creates a mutex to protect the code from being modified. To run every 10 minutes, the malware creates a Task Scheduler entry named after this mutex and uses it to relaunch itself each time. The malware steals sensitive information from the victim and sends it to its command and control server.
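The 10-minute scheduled task described above is something defenders can hunt for. The following is an added example, not code from the original post or from Cyble: it parses Task Scheduler XML definitions (the format produced by `schtasks /query /xml`) and lists tasks whose trigger repeats every 10 minutes. All task names, paths and XML below are constructed samples; the task name MikuBot actually uses is not given on this page.

```python
import re
import xml.etree.ElementTree as ET
from datetime import timedelta

# Namespace used by Task Scheduler task definitions (schtasks /query /xml output).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
DURATION = re.compile(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?")

def parse_duration(text):
    """Turn an ISO 8601 duration (PT10M, PT600S, P1D) into a timedelta, or None."""
    m = DURATION.fullmatch((text or "").strip())
    if not m or not any(m.groups()):
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def tasks_repeating_every(tasks, interval=timedelta(minutes=10)):
    """Return (task name, commands) for tasks with a trigger repeating at `interval`."""
    hits = []
    for name, xml_text in tasks.items():
        root = ET.fromstring(xml_text)
        intervals = [parse_duration(e.text)
                     for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
        if interval in intervals:
            commands = [e.text for e in root.iterfind(".//t:Exec/t:Command", NS)]
            hits.append((name, commands))
    return hits

def _task(trigger_body, command):
    # Build a minimal task definition; every name and path here is a constructed sample.
    return (f'<Task xmlns="{NS["t"]}"><Triggers><TimeTrigger>{trigger_body}'
            f'</TimeTrigger></Triggers><Actions><Exec><Command>{command}</Command>'
            f'</Exec></Actions></Task>')

SAMPLE_TASKS = {  # constructed input, not taken from a real MikuBot infection
    "ExampleObject-01": _task("<Repetition><Interval>PT10M</Interval></Repetition>",
                              r"C:\Users\Public\example.exe"),
    "HourlySync": _task("<Repetition><Interval>PT1H</Interval></Repetition>",
                        r"C:\Program Files\Example\sync.exe"),
    "SecondsForm": _task("<Repetition><Interval>PT600S</Interval></Repetition>",
                         r"C:\ProgramData\example2.exe"),
    "RunOnce": _task("<StartBoundary>2024-01-01T00:00:00</StartBoundary>",
                     r"C:\Windows\System32\example3.exe"),
}

if __name__ == "__main__":
    for name, commands in tasks_repeating_every(SAMPLE_TASKS):
        print(f"review: task {name!r} repeats every 10 minutes, runs {commands}")
```

A 10-minute repetition alone is only a lead, since legitimate software also schedules short intervals; each hit still needs its command path and task name reviewed.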

Financial fraud is often carried out by cybercriminals using malware purchased on secret forums, along with additional services that do not require special skills. The sale of malicious bots and services makes individuals and organizations more vulnerable to cyber-attacks and financial fraud. For now, MikuBot has limited functionality, but the threat actors are actively working on the project. We can expect MikuBot to become more advanced in the future, as they are constantly improving their methods and their technology.