General

  • Target

    a976728c8b3844328f0f7032c88071a33061f01df85c39a87aade7c2695455f9.zip

  • Size

    622KB

  • Sample

    240402-lyvrnsdh72

  • MD5

    fb07e992aff41398ad60e9cf4078c4e8

  • SHA1

    71497749dd3230abeffd57f9a527415aebc69c22

  • SHA256

    9bd4c81631f364dc85e20eb2527ced13bb011affbed69cd9b6a63c4dd77ff314

  • SHA512

    08ae6e97d60518b799268c8a35b45010876036f4a86c0dee6aafcebe1293112d4606c592d97a3b5dcaeb777d609cc8332d8d6d0bb0f98f36b86b0eb0e7c81cb8

  • SSDEEP

    12288:plT7fxNi66Ky5sKoAsqh9273xSFJegWIRnBapV4XBPZLKA01eM:zfxg66KOwqXw+AgWIcVwm8M

Score
10/10

Malware Config

Extracted

Family

pikabot

C2

Targets

    • Target

      a976728c8b3844328f0f7032c88071a33061f01df85c39a87aade7c2695455f9.exe

    • Size

      1.4MB

    • MD5

      888a002b147299a9cd71990805cd45b5

    • SHA1

      77728b240c79f030834dbedde43edb6d416e11ad

    • SHA256

      a976728c8b3844328f0f7032c88071a33061f01df85c39a87aade7c2695455f9

    • SHA512

      2890b457b42dda3663d0bab7421c224c22292fd3e4fdc2be2658021401ba8f1a0b4e2c8d551dbcbad053a38fde6f55ff54a6383eb0c8607bf17100fc163dc529

    • SSDEEP

      24576:n3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6m:KmYqHU7pHYY00VcCDdowG3tMa6m

    Score
    10/10
    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext
