General

  • Target

    8eab535445ef91400fa8776ac3cef4f06c71a60832b8699db1fbccf8aacd5806.zip

  • Size

    622KB

  • Sample

    240402-lysx3sdh63

  • MD5

    80558c17bf9206670049bdc851e16ddc

  • SHA1

    098aae51e8d5f8767b4a3773021640e4b2a917e9

  • SHA256

    a833610afa0a6308a50a55b77f07a9043c3fceedf8ac23fc434b056a786e6d7f

  • SHA512

    860e2aa50a84e663e250a8564731f4f7890860efd1215407389ec52d90ba99c63ffd910d641a16ca16e2c9b2e2e316c7dba09b3fc813f692e87ea66c8863b708

  • SSDEEP

    12288:RPnC13JdDm9kWYDpsC5Z3cqZnQfWtKY/8uNmcYCGVA2ZS3a119Rw:RcJJm2ZHjzZngFuOCGKGBE

Score
10/10

Malware Config

Extracted

Family

pikabot

C2


Targets

    • Target

      8eab535445ef91400fa8776ac3cef4f06c71a60832b8699db1fbccf8aacd5806.exe

    • Size

      1.4MB

    • MD5

      7a36e1ebf13b1950a75851bd95c6aabd

    • SHA1

      68684e8fa82045bef1e132e0d4d9d215d4483c8f

    • SHA256

      8eab535445ef91400fa8776ac3cef4f06c71a60832b8699db1fbccf8aacd5806

    • SHA512

      0cd409b60d982cc549a91d9c7dd2b2b78ef169e0dbb0374f384cd8240cdc2078d29b6276d20994de1bbefffe499268b8941df87f00629b30ba8727f2f786dc0c

    • SSDEEP

      24576:u3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6N:JmYqHU7pHYY00VcCDdowG3tMa6N

    Score
    10/10
    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext
