General

  • Target

    a115db9a3cb90187e62478feaddeccd5ac3b7a3685a617a55e14c7f2ce7d9c22.zip

  • Size

    622KB

  • Sample

    240402-lyvfxadh68

  • MD5

    19e2a94a7c0cf96794d493f3fd22d2e7

  • SHA1

    993ffa8cbf3e67a5d4a3b53f1f48cee4ddbbac02

  • SHA256

    ff91850efde25013e4103ddb07bc6714d7a6ed68d62b49be768cc816e4ca9f6f

  • SHA512

    11c491614142eab770ebe4009f50257383d0e88c1ff123a2ed25fbf14172c7e3f8eb9e455b42c28d74c8643f776ba6f620c3cc87cbb8fe8d464c691d401be45e

  • SSDEEP

    12288:FdmbFPqF+43ugL/8HOeDmpaGFnUPSAppYDF+eAA2s8of/XnwO:vQgE43fLkueDmpaGySopYDb526/D

Score
10/10

Malware Config

Extracted

Family

pikabot

C2

Targets

    • Target

      a115db9a3cb90187e62478feaddeccd5ac3b7a3685a617a55e14c7f2ce7d9c22.exe

    • Size

      1.4MB

    • MD5

      2fae802c81517eaab9ff2bf5b683e4de

    • SHA1

      daa05decf710cc32ceb515f0451e478042521b48

    • SHA256

      a115db9a3cb90187e62478feaddeccd5ac3b7a3685a617a55e14c7f2ce7d9c22

    • SHA512

      1faf1f08cda60b1dcead91d84cfd398e1e7843e49cdf5c8b67607c1fb7d118b315baae35fae9d64ca9f48dab3b4a98d81ea1d5f3bbc99adf32606f24744832f9

    • SSDEEP

      24576:m3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6D:BmYqHU7pHYY00VcCDdowG3tMa6D

    Score
    10/10
    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext
