General

Target: pikabot_feb_8.zip
Size: 537KB
Sample: 240209-lgts2sab3z
MD5: 287de22eee7ae35a629f5e4364d254b1
SHA1: 02fa63eb8964c19e37bda6d4efd1fcffa3638e88
SHA256: 2be644cec6f2caf1ddf4e404d2b381c933b926b4d90337230f42013c0b9c7ffa
SHA512: b4f6892a80b90c95d381fd115900b9f35f5b9a1d8d8d68458aa33c8e9398c9336d5291aea011a4db3594eed8d85470257f00fba61aa9b70695097a7c95063183
SSDEEP: 12288:0WCC5LImgUR0rSSgyxcvmeb1HsT5TDKAfYsjckqfOq+RiyRjdbMylzep6G+kUmWQ:ICxB/SrSE6sTxdfYsUfO1RiyZdbMnEG9

Static task: static1
Behavioral task: behavioral1
Sample: pikabot.dll
Resource: win10v2004-20231222-en

Malware Config

Targets

Target: pikabot.dll
Size: 731KB
MD5: 557de697a1edffc6186a399975b4d52e
SHA1: add23b100d7777dc91f09e80696b1b91d4d3d467
SHA256: 2f8254fe651cf750b0ca28a83c1f430857a7981c5a2f0cd220b4ce96a1aa1d6c
SHA512: 7855990e4adb7ec8c01d5b623c2ae0aafae5e9908cba0ea9bc20ad9152800627f95c8b6ac27ba2780e6150e93510ce903684a0f285418fe9a439efcd69a5fbce
SSDEEP: 12288:L88tpQmNwfp6/dNE2uIigUp+CQ/EAr06DggYmpEj7N904+G5ciTHMgxiQt1cb:Q8PQGwB6/IRgTEoDg6pEj7N94G5BTHx
Score: 3/10

Target: run.bat
Size: 51B
MD5: 3044c13a564ee6bd79c39265b2fde131
SHA1: cff15aa8a701795e9f33b74862a6543c66fd5907
SHA256: 4a5ba34c467a320db4a3da2512cf455f9dabf573fd41f5c1ba13becd70cc31aa
SHA512: 732677b92c94638f477d4b22e94485a8b59fc0bd90bd35ba9fc2497f2fbdca197acd89b432a7ad6f4bc375c28a02aa49248efebfb68a285f94d74adad7d56956

Detects PikaBot botnet

Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.

Suspicious use of SetThreadContext