Overview

overview

10

Static

static

1

30a98dc572...34.exe

windows7-x64

1

30a98dc572...34.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30a98dc57205976c73da2f404890c899c7d84db61572e1dce0e80b3f06b48934.zip

  • Size

    622KB

  • Sample

    240402-lymq3add7v

  • MD5

    24088892b3e0d4c6ffbf64e40a48908b

  • SHA1

    62a4dd681e9f459ebc2c8b621c8fe7e3ba986b67

  • SHA256

    9c1afa716e01b0e6c26e0e22a4187d338342b28557eabcbc9248ee55fd69a10d

  • SHA512

    6e7cc68683b0165ddd40a8426d3ccd58175187730d532b84490da109e317707a3a4ef32132877432967ba841abe2b96443ab9148e089fccf61cc48c85a8ca66a

  • SSDEEP

    12288:Q7bbeh70FS46MResZEj/6sQK6g0QVhqA81SgZRFApBLDsA/KERkpkQcqwbX7:Q7Hei8MUjD0ch181SgZk/LKEekR

Score
10/10
pikabotbotnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

    • Target

      30a98dc57205976c73da2f404890c899c7d84db61572e1dce0e80b3f06b48934.exe

    • Size

      1.4MB

    • MD5

      583fd2f0df26aa7b01790e603657e441

    • SHA1

      51eb33cd047c581abe9f096d1f729c0b90d17478

    • SHA256

      30a98dc57205976c73da2f404890c899c7d84db61572e1dce0e80b3f06b48934

    • SHA512

      50cd8d67c94bf8dc4ceae240d0eb845967eefd5286d0b848fbf7a208f5faa476848074222a2f365763b721bcbeb6a3e77ab569954f30cf3ed32768ae5d19d867

    • SSDEEP

      24576:p3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6:0mYqHU7pHYY00VcCDdowG3tMa6

    Score
    10/10
    pikabotbotnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

      botnetpikabot

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks