Overview

overview

10

Static

static

1

forecounsel.dll

windows10-2004-x64

10

Resubmissions

07-11-2023 16:40

231107-t6hfbabg8y 10

06-11-2023 14:10

231106-rgpf8adc48 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    forecounsel.dll

  • Size

    2.1MB

  • Sample

    231107-t6hfbabg8y

  • MD5

    a6d4a12f1c3c1d68ac3483f546144328

  • SHA1

    e5bccdd808c66f618cdb02246be76506eb5dda06

  • SHA256

    b6fc374e778c7abe998f4318b17dc4085885a81fe633da51581285fa2c46ec73

  • SHA512

    7c56824ab0fb1107826e2e9baac1d0b4808a791bbce48d6c8b2da1525b8e0d7770c6e3432ac47e8e2d3df22881cad56e4d38dde64bdbef37bd9d7be3162b30d3

  • SSDEEP

    49152:4zdqXJqxcLD0YvMf/HyUZwnYVFQkcCZLoCWtZqPpu:4YUxqD0CINmnYVFQkcCZLoxtZqPp

Score
10/10
pikabotbotnetcore

Malware Config

Targets

    • Target

      forecounsel.dll

    • Size

      2.1MB

    • MD5

      a6d4a12f1c3c1d68ac3483f546144328

    • SHA1

      e5bccdd808c66f618cdb02246be76506eb5dda06

    • SHA256

      b6fc374e778c7abe998f4318b17dc4085885a81fe633da51581285fa2c46ec73

    • SHA512

      7c56824ab0fb1107826e2e9baac1d0b4808a791bbce48d6c8b2da1525b8e0d7770c6e3432ac47e8e2d3df22881cad56e4d38dde64bdbef37bd9d7be3162b30d3

    • SSDEEP

      49152:4zdqXJqxcLD0YvMf/HyUZwnYVFQkcCZLoCWtZqPpu:4YUxqD0CINmnYVFQkcCZLoxtZqPp

    Score
    10/10
    pikabotbotnetcore

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

      botnetpikabot

    • pikabot_core

      Detects pikabot core payload

      core

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks