Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a06a36de9b35bf54940b70a0ba4c3f836e42613b51c96bc265ee8910c6ae1849.zip
-
Size
622KB
-
Sample
240402-lyvfxadh67
-
MD5
2336632f656e1ea61d053d0a8c9edaed
-
SHA1
85d6822928ccbae33d07e6f11206b5a617219030
-
SHA256
4c5e1fadb78a044e3199a5a26e448a44dafd35b8596c5f0c5bb963b43f76e57d
-
SHA512
a84251c197c681f4712814aeab07d4b34b6faaf945c76dded42cbc33b6f900b4c4e6de975edf22f6d19e790c8f22a4a9d7e9fa0ef9f16b4a7524fbb560004d02
-
SSDEEP
12288:FpTyqFp1ujdoDiJ+LTQ3/BPeEC1j8PlrVec0ahTToqw7Gb:F5nFfuhoDkYY4EVrIceLc
Malware Config
Extracted
pikabot
109.199.99.131
154.38.175.241
23.226.138.143
23.226.138.161
145.239.135.24
178.18.246.136
141.95.106.106
104.129.55.105
57.128.165.176
Targets
-
-
Target
a06a36de9b35bf54940b70a0ba4c3f836e42613b51c96bc265ee8910c6ae1849.exe
-
Size
1.4MB
-
MD5
b3fa794fdfb6b417ecdb135ff28b7899
-
SHA1
83fe427d99d06744dfb0f3556105d54dd2c2f6cc
-
SHA256
a06a36de9b35bf54940b70a0ba4c3f836e42613b51c96bc265ee8910c6ae1849
-
SHA512
7aea585c01fe1ab92fa55fb638d7c10c7855cc38ecb0f3b9774bf1dd76ae0a46610689c75e4d48b02513598cabff638c1081c9856469569926046c0a2d57af82
-
SSDEEP
24576:U3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6:XmYqHU7pHYY00VcCDdowG3tMa6
Score10/10-
PikaBot
PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
-
Suspicious use of SetThreadContext
-