Overview

overview

10

Static

static

3

RIRS.dll

windows7-x64

3

RIRS.dll

windows10-2004-x64

3

launcher.bat

windows7-x64

1

launcher.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21112023_0007_RIRS.zip

  • Size

    1.7MB

  • Sample

    231120-tk28lahh3t

  • MD5

    24b6e579903a10857e0196f49feb5e31

  • SHA1

    98ed3d2872c169bff4de6bf0e08def4cb6fe063d

  • SHA256

    a13a66488151b47508a2dd043f8010ad91b96638c0b1a6f83ebbb82c4cb4fc5e

  • SHA512

    bc388dcca844c2839c128313df5b9f44734e64d009e0749010413904372c4d3635f701bd8e341433740aab1b1c8005df9648ed6bdf83cc87b1ed9ceff060e8f2

  • SSDEEP

    49152:iUWY2+P3eKWjZg+/TkCDAFWMpzTVg2jW+Kr0DKBXIeX5jY:ie2+PuKWlg+LunpzW2yDrCWvs

Score
10/10
pikabotbotnet

Malware Config

Targets

    • Target

      RIRS.dll

    • Size

      2.5MB

    • MD5

      b668a71aa710b1f08ea5ab5db97e89a4

    • SHA1

      10fc0ffa4850f290d72753129bbdac4369beffed

    • SHA256

      13b18fd073da904d326ad0b54281447a4a1c05678c8d2aa6361fa7f84e95e646

    • SHA512

      bc9677764290e6fb4a4f912bc70fff9e3e284ccade96f8e14b95e9a36cb3129662d8f21c83fb847497f98d3ad529a6f22e1d67b8f8885d64d404ea69ed638455

    • SSDEEP

      49152:921mU+j4kNwzaKPvghxk1CPwDv3uFmAVpzCTJueu+FNRdonOMyDWgEjGmH9g:9218wzakgDk1CPwDv3uFmAVpzybFNRKy

    Score
    3/10
    behavioral1behavioral2

    • Target

      launcher.bat

    • Size

      58B

    • MD5

      f627a4b4c2c27385f8f82152aa576808

    • SHA1

      a8d71fc8958dda6dea7165c46721061bd659da81

    • SHA256

      4f2b4b4a37ccd633ee482dba7190ef279d53d103cdb14bbf1d0cf3cf60cc2a1f

    • SHA512

      e9c1a0f88ad85199f63224142c35309fb0a15ae3d696706f8eece9e0026533068351fe8d7f3f9ea928ef590ac71c9bf81f887c70a214d3236271b7e01aba1e2b

    Score
    10/10
    pikabotbotnet

    • Detects PikaBot botnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

      botnetpikabot

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks