Overview

overview

10

Static

static

3

inf2.dll

windows7-x64

3

inf2.dll

windows10-2004-x64

3

launcher.bat

windows7-x64

1

launcher.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21112023_1727_inf2.zip

  • Size

    828KB

  • Sample

    231121-lez72sec8v

  • MD5

    e5b3ac1c9b784feec61401a3b3f81ece

  • SHA1

    dbe84264b6a722aae5ea014f7a8694bb0f0669a1

  • SHA256

    a0434d04361c1d13481971f4072681781b2075a5c8025c028ef85f50357b808c

  • SHA512

    9d45b54c47507676301465faeec564a084c637575c4023578143f3c2427e2532a9bffd7ef42063e9911d46c85511d157caf1c10d427339afb12630da3cbc6031

  • SSDEEP

    12288:tsiK+b54D8pFF3B9s2XJMGYxnNHqmmXSd6oFpnqWIuGzTHuJp8oVO86i+S:4o54DSpyPHqmOSd6oUzjkvbH+S

Score
10/10
pikabotbotnet

Malware Config

Targets

    • Target

      inf2.dll

    • Size

      1.1MB

    • MD5

      491de488716811cf6c432a435a413688

    • SHA1

      469567c2bf172c4e0d270b085ae9acaf0559c066

    • SHA256

      eead7f5b6f1282ad988238cc8c39292fa99ea416f7793038a20e5caabe93112a

    • SHA512

      b7957da02eefa228900bbe1f3c1a5080c142be8d4311c748e921241ade7e4f3ae975d654464939d705a96d0bdcd7e94974fdb74ecc44b1a283c0ea47c894bb24

    • SSDEEP

      24576:j0LPo6+J+dxYv7IQF8Z+nZlFlMfNpRYKrHabx6SqoUTb5dXGredODkYgn4iD0:Oo6+J+dxYv7II8bExk3XGredOR1iY

    Score
    3/10
    behavioral1behavioral2

    • Target

      launcher.bat

    • Size

      58B

    • MD5

      b2f5850d6e5fa7247b33e72254653a56

    • SHA1

      35538388d294259df30f4d9d68f00b75c5f60696

    • SHA256

      c39dcd3c17b7584821e73ec7fd48faf9d7cc36a25bb6a0dcb0db16b3fdacfd13

    • SHA512

      c64fb0dc93107ddf54ac692288a82df15071e7ede56e1ec81f43bef36c43833fc0c6dd1cbde79ff8810e3623adf6d04a3d099e0da76f9bc16cd0aad7cf9f1b9a

    Score
    10/10
    pikabotbotnet

    • Detects PikaBot botnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

      botnetpikabot

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks