General

  • Target

    be992d892d7448e2fe6d6bb0f6de72fbb247ef068e6cbb8c302a2486a8aceebb.zip

  • Size

    622KB

  • Sample

    240402-lywc7sdd81

  • MD5

    5200b0576937589b9a259b9625783926

  • SHA1

    43e94f010974dd45094544259e1d89b5b24955b6

  • SHA256

    05eeb70b90fe983c68cf5d90b7bb611605de13f49db69477da3d8842306959cd

  • SHA512

    bdb9059a2a6ab9cbc041046f711b3a87a0c80c371eaa6fc850c48c61080b73a863614bea83088321b36ac5156f2d20da4915c22f0956796ad7ce428ac368ea0b

  • SSDEEP

    12288:u1w76MUvSMzxW8B0d8yVtGL/ggonAMqkbSAl7WAZ26iWg2drYu1:p2MUqMzxxB0heB8ArkbSApMu1

Score
10/10

Malware Config

Extracted

Family

pikabot

C2

Targets

    • Target

      be992d892d7448e2fe6d6bb0f6de72fbb247ef068e6cbb8c302a2486a8aceebb.exe

    • Size

      1.4MB

    • MD5

      c38dd211b6f0360a53fc0c70fc6d3529

    • SHA1

      7670dbdaa159f4f82777899836d09047d5d739fb

    • SHA256

      be992d892d7448e2fe6d6bb0f6de72fbb247ef068e6cbb8c302a2486a8aceebb

    • SHA512

      c9062f598fe4721e96c7224424939dfa3890dcb6025396f8a64a993d74b9e596bd330e9c2d8c624d36550626389a87e6281d057c1bf28d3da6314ba66c77e8ab

    • SSDEEP

      24576:i3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6:tmYqHU7pHYY00VcCDdowG3tMa6

    Score
    10/10
    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext
