General

  • Target

    dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip

  • Size

    452KB

  • Sample

    240402-mk8baafe47

  • MD5

    4a1222e15508c2052fab04bdb91d244f

  • SHA1

    5d64771ec6d299629bada1642b7c0b46acbdb41e

  • SHA256

    0c74a497b05870e841cfa733c3ceb5ee76ff99b33a5071c764d04bcebb1106c1

  • SHA512

    e026e05f8e5ab22f2083f4607314a378412ea436075a54cb6fead1a9ab68727c7c26d3394d8452aada1c7c3e76d9b311511252b7ef34ecde3e04db61ad2e3b71

  • SSDEEP

    12288:vBxT58G656qd0mG9y5lRpkofGbjEeeLOqJiCCrB649X:nT66h94R/mjEe4OXF62

Score
10/10

Malware Config

Extracted

Family

pikabot

C2

154.53.55.165

158.247.240.58

154.12.236.248

Targets

    • Target

      dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll

    • Size

      840KB

    • MD5

      bcc53210e13294cbd6a8172558d99295

    • SHA1

      02f78e1449ce844dc2807d850aab397d34ec35aa

    • SHA256

      dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf

    • SHA512

      c78653407e87f4cd28bef5b9f1571039948dfce2c771ae9c2357160d97c6596f640887bbf898001f251ae4c62f727e25a5adb2487b7b583c73bf5f3dc0f2dda2

    • SSDEEP

      24576:2e9nfmpSVmL+Cf72yb1SFEtEfPmY4uRD7HpUMhOw8ghE:lBmpSVmLfCDfPJ4cDFPhmghE

    Score
    10/10
    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks