General

  • Target

    75f4edba2b9e0fb97cd1d3a6305d1e3d.bin

  • Size

    428KB

  • Sample

    240124-c7grqsgeaj

  • MD5

    75f4edba2b9e0fb97cd1d3a6305d1e3d

  • SHA1

    9db30834a72135e369463e182636344dfb3ffc7c

  • SHA256

    b1263712725839298cd4c3c0bd10e881cc848244f386d66e2fd1348f0a3ec236

  • SHA512

    420a1c031e93265c801153a2485cb06eb2be3a2e949c60e6ab1398892625b0b5322ad40f3cd3bab75d97afdecc13b7057c659ebba7c12044cc37930e1fc55824

  • SSDEEP

    12288:tBM0g5Iu7fzuH/fXl5i3dWl/UgZ9g8nXa+/90U:b1gaufunTUgZ9PjqU

Score
10/10

Malware Config

Extracted

Family

pikabot

C2

Targets

    • Target

      e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81.dll

    • Size

      507KB

    • MD5

      a0b9376d1a46e876fe056dd89b79dfca

    • SHA1

      1b363e22c6a51341e16ef4a1177596504974e066

    • SHA256

      e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81

    • SHA512

      08a9b9de4b8ff6aebe1f9846e5e1994370796b4aa19613178dc320482cf68bf2ee1fb66e7925e1e4887febf398457f04e2193d48b7198d050e6666125802b946

    • SSDEEP

      12288:nljxPw/KI5MGpBRTf4LvGCAotHnG4CEu+AvHuzfsdzjbHgRV:zPkKIGsBRTydjG4GxbHU

    Score
    10/10
    • Detects PikaBot botnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext
