Overview

overview

10

Static

static

3

17112023_2...__.dll

windows7-x64

1

17112023_2...__.dll

windows10-2004-x64

1

launcher.bat

windows7-x64

1

launcher.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20112023_2129_17112023_2229_Anesthesiology__.zip

  • Size

    1.1MB

  • Sample

    231120-qrlbwagc23

  • MD5

    8ba30e7f1bc0f1af19918058880ccfb3

  • SHA1

    b9da9bca0d8572ff34bb1f3cbe1fa4bd1ede22b9

  • SHA256

    21862f74b9a3c8ab1b83aa71b5334b056015599ff4c864c1c37ca00df8732e42

  • SHA512

    ce80f36f5fce07276cd23140b665993bdaa49f30865d50d92fdd9ab9e0104e067bab6aec55e1f9ba3e813442a167ec8f8bb74f6dc51c685012e5a50db8537119

  • SSDEEP

    24576:8vZ9n0U9jLAg6E95zwm2CKpY6sxVcqMPuFiB4mIL5Zcj7xIMAY9GM:8vvX9R6Hm2ZpY3xZMYjlLgj9T9b

Score
10/10
pikabotbotnet

Malware Config

Targets

    • Target

      17112023_2229_Anesthesiology__.dll

    • Size

      1.6MB

    • MD5

      ee8ecace1c6a2a5f112de7261051080a

    • SHA1

      5c11b97e44d7b6684a5b3781aa676019ee436c88

    • SHA256

      e88d394fbf29fec83a119f86f2c338a3c9997872b971294d973c16f65c53f0a6

    • SHA512

      6a76144b7600b184aee25e7b8ea18fd272f28c5651ad61362afde330e3b09991fa365fb0866f27cafe451de04db2067f60024902d77d276054c90f2bd8ab49dc

    • SSDEEP

      24576:JeC6d4Qm5o9dF1rT/ygBLOiaucihUZ5tU80IYabEnNSeyPUFrPmnrw13QiGGAK8B:IvZ9djrT/HLlvIYabSymLyQYGAHgO

    Score
    1/10
    behavioral1behavioral2

    • Target

      launcher.bat

    • Size

      85B

    • MD5

      11b18328dbf6f85ca1114d86cbb2cc38

    • SHA1

      49db5b4ea10b9de6582af949d3c9dcf4f1b400fc

    • SHA256

      89e8bc784d49ff6dbbf1670222458fa4cf2e4bb736f18bf2d17ccc06a1c4ba21

    • SHA512

      2696f155124c09db32ce58a3393bdf6144a03c3aecd4eadfbaa9f3525a1134bd513ea2e7457dd3dfb2828007578b97a54ed2f91313d57bf1dc6a2d45d6ea3cad

    Score
    10/10
    pikabotbotnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

      botnetpikabot

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks