Overview

overview

10

Static

static

1

Installer (1).msi

windows10-2004-x64

10

Resubmissions

28-12-2023 13:55

231228-q77j2seeb9 10

15-12-2023 22:14

231215-15mf7shecm 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Installer (1).msi

  • Size

    1.4MB

  • Sample

    231228-q77j2seeb9

  • MD5

    f3805cdf687890992345aaa4577b86a4

  • SHA1

    697362f0a495bc1fc692f8bc3b12a81522404cc5

  • SHA256

    514a0ef6240663664b3a3e06dabdb297841a7e37eaeac65bafbce1efd456a7e1

  • SHA512

    6ad1f3ccbbb47e6599548946bca269b4313ffac918516e8ba4bd00dfb078c0dd166d7fac1289eaeb6697e75c8fc20ecd48632914c15dbe10c642fd98f40f6142

  • SSDEEP

    24576:jn0CgtRH3nOX1FIhp5DJ4suxNVTK+ucjByw+Z5cYokzJV+H4:T0LUItD0T9KjHJzJl

Score
10/10
pikabotbotnetdave

Malware Config

Targets

    • Target

      Installer (1).msi

    • Size

      1.4MB

    • MD5

      f3805cdf687890992345aaa4577b86a4

    • SHA1

      697362f0a495bc1fc692f8bc3b12a81522404cc5

    • SHA256

      514a0ef6240663664b3a3e06dabdb297841a7e37eaeac65bafbce1efd456a7e1

    • SHA512

      6ad1f3ccbbb47e6599548946bca269b4313ffac918516e8ba4bd00dfb078c0dd166d7fac1289eaeb6697e75c8fc20ecd48632914c15dbe10c642fd98f40f6142

    • SSDEEP

      24576:jn0CgtRH3nOX1FIhp5DJ4suxNVTK+ucjByw+Z5cYokzJV+H4:T0LUItD0T9KjHJzJl

    Score
    10/10
    pikabotbotnetdave

    • Detect Pikabot payload

      Detect Pikabot payload.

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

      botnetpikabot

    • Dave packer

      Detects executable using a packer named 'Dave' by the community, based on a string at the end.

      dave

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks