Byeby

Description

(Palo Alto) BYEBY was named based on a string within the malware itself. Most strings found within this malware are concatenated to 6 characters. One such example was an instance where a debug string contained ‘BYE BY’, which was likely a concatenated form of the phrase ‘BYE BYE’.

This malware is loaded as a DLL, with an export name of ServiceMain.

The malware is configured to accept a number of commands. These appear to be Base64-encoded strings that, when decoded, provide their true meaning. Only the beginning of each command is checked. The Base64-decoded strings have been included for the benefit of the reader.

Names

Name
Byeby

Category

Malware

Type

  • Backdoor

Information

Malpedia

Other Information

Uuid

8ba1c2a6-3d3d-4dc7-82b4-6fb1913021ac

Last Card Change

2020-04-23