Overview

overview

10

Static

static

1

a06a36de9b...49.exe

windows7-x64

1

a06a36de9b...49.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a06a36de9b35bf54940b70a0ba4c3f836e42613b51c96bc265ee8910c6ae1849.zip

  • Size

    622KB

  • Sample

    240402-lyvfxadh67

  • MD5

    2336632f656e1ea61d053d0a8c9edaed

  • SHA1

    85d6822928ccbae33d07e6f11206b5a617219030

  • SHA256

    4c5e1fadb78a044e3199a5a26e448a44dafd35b8596c5f0c5bb963b43f76e57d

  • SHA512

    a84251c197c681f4712814aeab07d4b34b6faaf945c76dded42cbc33b6f900b4c4e6de975edf22f6d19e790c8f22a4a9d7e9fa0ef9f16b4a7524fbb560004d02

  • SSDEEP

    12288:FpTyqFp1ujdoDiJ+LTQ3/BPeEC1j8PlrVec0ahTToqw7Gb:F5nFfuhoDkYY4EVrIceLc

Score
10/10
pikabotbotnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

    • Target

      a06a36de9b35bf54940b70a0ba4c3f836e42613b51c96bc265ee8910c6ae1849.exe

    • Size

      1.4MB

    • MD5

      b3fa794fdfb6b417ecdb135ff28b7899

    • SHA1

      83fe427d99d06744dfb0f3556105d54dd2c2f6cc

    • SHA256

      a06a36de9b35bf54940b70a0ba4c3f836e42613b51c96bc265ee8910c6ae1849

    • SHA512

      7aea585c01fe1ab92fa55fb638d7c10c7855cc38ecb0f3b9774bf1dd76ae0a46610689c75e4d48b02513598cabff638c1081c9856469569926046c0a2d57af82

    • SSDEEP

      24576:U3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6:XmYqHU7pHYY00VcCDdowG3tMa6

    Score
    10/10
    pikabotbotnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

      botnetpikabot

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks