General

  • Target

    9fdc1c2fc0708a8ce04f318ad50734a34102b5c103101880f458a6ca7cd87e19.zip

  • Size

    622KB

  • Sample

    240402-lyt55sdd8x

  • MD5

    52c1049be82f270ce8020f4bec130203

  • SHA1

    f6e9e8c453c8ed212f7fbdaa0d975ad9ac7e860d

  • SHA256

    c0f52e4b785468213b50ff87bfb72ad3ddf4d55d7443247a42ecbd7b6903e522

  • SHA512

    edc4a0a3f89b1de6bf7b832f35dda6f25bf0e775ec040f39b0507723dd5692aaa042d3c9af3f84c631bbbb343b9c8388b07a3b5a42dfcee0a9cef7e1cb1d8594

  • SSDEEP

    12288:E3ELKOeNKPbLUDboGvKJaC/6OfnpwPoI0JvhdZ3dSJPO6nrGdwkL5:E3uHbLqsGvAaC/6SpaoxfZ30hLrG9l

Score
10/10

Malware Config

Extracted

Family

pikabot

C2


Targets

    • Target

      9fdc1c2fc0708a8ce04f318ad50734a34102b5c103101880f458a6ca7cd87e19.exe

    • Size

      1.4MB

    • MD5

      db0f04f92fa43b26b999b3ff1af172b3

    • SHA1

      157fbac62d17d232371e29135ea4b31878170435

    • SHA256

      9fdc1c2fc0708a8ce04f318ad50734a34102b5c103101880f458a6ca7cd87e19

    • SHA512

      edc52754deb5b806e402abef6ffa71cce15840489cd4bebfcc8634a87b8cc155f3fdbd6b9ceacd15e18d24f32d1bd5deb9835b670a1f289bca7accd82ee2e48c

    • SSDEEP

      24576:j3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6b:WmYqHU7pHYY00VcCDdowG3tMa6b

    Score
    10/10
    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext
