General

  • Target

    90856f462c1b28f7a692f1f39f7278b22eb8c06bbe83cd2186a1241724cfaabe.zip

  • Size

    623KB

  • Sample

    240402-lys8vadh64

  • MD5

    66689c483447c49922511948f3052911

  • SHA1

    e26ad483985f6eedd78b36e81562d9df00d9a4e0

  • SHA256

    114e164554fc107eddcf9fc71ffa791bc330597e7350a021bcdc3d4aabf7e6a8

  • SHA512

    951296ee8876613e9ea75d38b02e0e2b3f8a49159de6f721c0bdd76f5a41c9d8201364fc67c605d9f13e71113eb302f293ff69bd9aa4c7af8e99b2177b703787

  • SSDEEP

    12288:Y9v0b0NB2ZJKpAybraqH0uXOi6x91sB9aqN1zR3aYrkJ/kpUgMU0J5gqZv:K02M2Ay3aQH6x9u9aK1zR3awkJ/ku60d

Score
10/10

Malware Config

Extracted

Family

pikabot

C2

Targets

    • Target

      HJ.exe

    • Size

      1.4MB

    • MD5

      7a36e1ebf13b1950a75851bd95c6aabd

    • SHA1

      68684e8fa82045bef1e132e0d4d9d215d4483c8f

    • SHA256

      8eab535445ef91400fa8776ac3cef4f06c71a60832b8699db1fbccf8aacd5806

    • SHA512

      0cd409b60d982cc549a91d9c7dd2b2b78ef169e0dbb0374f384cd8240cdc2078d29b6276d20994de1bbefffe499268b8941df87f00629b30ba8727f2f786dc0c

    • SSDEEP

      24576:u3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6N:JmYqHU7pHYY00VcCDdowG3tMa6N

    Score
    10/10
    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext
