pikabot | 1428-1-0x0000000000310000-0x0000000000328000-memory[.]dmp | Triage

Sharing

General

Target

1428-1-0x0000000000310000-0x0000000000328000-memory.dmp
Size

96KB
MD5

358665791ab6029cae9af9febba95685
SHA1

db9acafee39e12aa51b4147dfc2a750c29c17eb6
SHA256

9c6679cf48240afa4e75051042c10479f0e0dabb2ca00403ce3e0e5da36bec02
SHA512

548d93332c2f07323eb6ebd05c75817c3b24f8167c06fe6d332079b405af8cbf700c6eb530a655c618a2244bfd2486548e1ef18cf5137e90e8701e87dbe5b7db
SSDEEP

1536:xnNnlUZo2RwxFqd5AxgWP415DTtSix8d1CcoyLNJyX7DwN:NJlUCk8Fy5tvvtTxOdRCDe

Score

10^/10

pikabot

Malware Config

Extracted

Family

pikabot

C2

141.95.106.106

104.129.55.106

104.129.55.105

23.226.138.161

145.239.135.24

85.239.243.155

23.226.138.143

57.128.165.176

178.18.246.136

Signatures

Pikabot family
pikabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1428-1-0x0000000000310000-0x0000000000328000-memory.dmp

Files

1428-1-0x0000000000310000-0x0000000000328000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ