General

  • Target

    e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81

  • Size

    507KB

  • Sample

    240327-h32t1aac5x

  • MD5

    a0b9376d1a46e876fe056dd89b79dfca

  • SHA1

    1b363e22c6a51341e16ef4a1177596504974e066

  • SHA256

    e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81

  • SHA512

    08a9b9de4b8ff6aebe1f9846e5e1994370796b4aa19613178dc320482cf68bf2ee1fb66e7925e1e4887febf398457f04e2193d48b7198d050e6666125802b946

  • SSDEEP

    12288:nljxPw/KI5MGpBRTf4LvGCAotHnG4CEu+AvHuzfsdzjbHgRV:zPkKIGsBRTydjG4GxbHU

Score
10/10

Malware Config

Extracted

Family

pikabot

C2


Targets

    • Target

      e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81


    Score
    10/10
    • Detects PikaBot botnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext
