General

  • Target

    55s.zip

  • Size

    24.1MB

  • Sample

    240315-heedssab61

  • MD5

    02375c7b83c86fc9d6019a1e0d646a42

  • SHA1

    d7ab27f83c9ff0f3b16247763bae59e13e23ac3c

  • SHA256

    83a3bf48e107fb7142f29b6a3d2fe0b78aca9e91a8f648f05c99af05827120e5

  • SHA512

    f1bf1ddc44b6894bbd2546fc6b18f7c7d215475671d1fbb63a864da3b4542f62700e5b78c2e8c30c49387770a35022a0413a06fe20b2fb352ab5c295160fd91e

  • SSDEEP

    786432:zfEoA/+591lygSsu5ToI4N+lCFkvniNlcPZa:jEoS+592toI4NwCFxNlt

Score
10/10

Malware Config

Extracted

Family

pikabot

C2

154.53.55.165

158.247.240.58

154.12.236.248

Targets

    • Target

      a83f6e7a71d300c1f5dd457d848a9859eebef336b3447e5623c37fc8077fa42f

    • Size

      840KB

    • MD5

      9f81f7463f720ee4de86ba4c7c5db8e1

    • SHA1

      0a6559d54a477052ee309b4f78119627cb1dafab

    • SHA256

      a83f6e7a71d300c1f5dd457d848a9859eebef336b3447e5623c37fc8077fa42f

    • SHA512

      7d298c1a3ec9505c7de49a48d4af9a87a7d38d23795f48383659c5869d7337117398bbb8db0d4af6bbdce434c3868e314a3cb033c3b3593de2902c8d1856a06f

    • SSDEEP

      24576:Me9nfmpSVmL+Cf72yb1SFEtEfPmY4uRD7HpUMhOw8ghE:rBmpSVmLfCDfPJ4cDFPhmghE

    Score
    10/10
    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext
