Overview

overview

10

Static

static

3

ENIM8u.iso

windows7-x64

3

ENIM8u.iso

windows10-2004-x64

3

out.iso

windows7-x64

1

out.iso

windows10-2004-x64

1

document.docx.lnk

windows7-x64

3

document.docx.lnk

windows10-2004-x64

10

inf2.dll

windows7-x64

3

inf2.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ENIM8u.img

  • Size

    1.2MB

  • Sample

    231214-137z5aghal

  • MD5

    70e21c85d241bc5c7e1e41b6bb709ce0

  • SHA1

    d3bb0d4bf36e095c39fe1552a9440ecacec901d8

  • SHA256

    01193e9155a79c013ea3ba070142a3ccca0c96cde502a302c37e375f18d38002

  • SHA512

    02d40edfe3d2d807f4d63a6d4322fa7402a1840a6edeb15e5540cfe0ffaf24db4e717f902cafd201d1ec8d5862e812e1458bfd05a9686a4050be8afd42480871

  • SSDEEP

    24576:50LPo6+J+dxYv7IQF8Z+nZlFlMfNpRYKrHabx6SqoUTb5dXGredODkYgn4iD:oo6+J+dxYv7II8bExk3XGredOR1i

Score
10/10
pikabotbotnet

Malware Config

Targets

    • Target

      ENIM8u.img

    • Size

      1.2MB

    • MD5

      70e21c85d241bc5c7e1e41b6bb709ce0

    • SHA1

      d3bb0d4bf36e095c39fe1552a9440ecacec901d8

    • SHA256

      01193e9155a79c013ea3ba070142a3ccca0c96cde502a302c37e375f18d38002

    • SHA512

      02d40edfe3d2d807f4d63a6d4322fa7402a1840a6edeb15e5540cfe0ffaf24db4e717f902cafd201d1ec8d5862e812e1458bfd05a9686a4050be8afd42480871

    • SSDEEP

      24576:50LPo6+J+dxYv7IQF8Z+nZlFlMfNpRYKrHabx6SqoUTb5dXGredODkYgn4iD:oo6+J+dxYv7II8bExk3XGredOR1i

    Score
    3/10
    behavioral1behavioral2

    • Target

      out.iso

    • Size

      1.2MB

    • MD5

      70e21c85d241bc5c7e1e41b6bb709ce0

    • SHA1

      d3bb0d4bf36e095c39fe1552a9440ecacec901d8

    • SHA256

      01193e9155a79c013ea3ba070142a3ccca0c96cde502a302c37e375f18d38002

    • SHA512

      02d40edfe3d2d807f4d63a6d4322fa7402a1840a6edeb15e5540cfe0ffaf24db4e717f902cafd201d1ec8d5862e812e1458bfd05a9686a4050be8afd42480871

    • SSDEEP

      24576:50LPo6+J+dxYv7IQF8Z+nZlFlMfNpRYKrHabx6SqoUTb5dXGredODkYgn4iD:oo6+J+dxYv7II8bExk3XGredOR1i

    Score
    1/10
    behavioral3behavioral4

    • Target

      document.docx.lnk

    • Size

      1KB

    • MD5

      1b8361e2f1b058a9791047dce0df57c4

    • SHA1

      3cd3750507971e8f9eef55249e5b2646855652c6

    • SHA256

      4c267d4f7155d7f0686d1ac2ea861eaa926fd41a9d71e8f6952caf24492b376b

    • SHA512

      c084582e40cc3739e08677b6523c355a297185d37747f853b363c1e0053ca3c753ee4b6b86d3d89f72dfbdae8b4805d63a0223f9e371bcc6bddc9fd053eea77c

    Score
    10/10
    pikabotbotnet

    • Detects PikaBot botnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

      botnetpikabot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

    • Target

      inf2.dll

    • Size

      1.1MB

    • MD5

      491de488716811cf6c432a435a413688

    • SHA1

      469567c2bf172c4e0d270b085ae9acaf0559c066

    • SHA256

      eead7f5b6f1282ad988238cc8c39292fa99ea416f7793038a20e5caabe93112a

    • SHA512

      b7957da02eefa228900bbe1f3c1a5080c142be8d4311c748e921241ade7e4f3ae975d654464939d705a96d0bdcd7e94974fdb74ecc44b1a283c0ea47c894bb24

    • SSDEEP

      24576:j0LPo6+J+dxYv7IQF8Z+nZlFlMfNpRYKrHabx6SqoUTb5dXGredODkYgn4iD0:Oo6+J+dxYv7II8bExk3XGredOR1iY

    Score
    3/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks