General

  • Target

    dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip

  • Size

    452KB

  • Sample

    240402-qtk4wsbe4z

  • MD5

    6b2bdc5f691431e0723f65564ad1a90d

  • SHA1

    91b4f2979d052195e9cf59c6384024089d401779

  • SHA256

    6246f43bd1a5ef67db2a2170cf12bef8bfbbcc58f3f9a9072832d3ac20729a42

  • SHA512

    d83263aa4a5357622e7c54cbb6b15d9f2e482c5ae11411ac6db7036afe8b242b096d4c50cb7dcf8022636df1fafdb5d881c0b01833a460a43da12c32b9a6d50d

  • SSDEEP

    12288:YVTvsFnSbOjlDmzCO7WhezdBNBKQuy5jXA9a6odd:YVTF6pV6gWdjBnQ6d

Malware Config

Extracted

Family

pikabot

C2

Targets

    • Target

      dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll

    • Size

      840KB

    • MD5

      bcc53210e13294cbd6a8172558d99295

    • SHA1

      02f78e1449ce844dc2807d850aab397d34ec35aa

    • SHA256

      dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf

    • SHA512

      c78653407e87f4cd28bef5b9f1571039948dfce2c771ae9c2357160d97c6596f640887bbf898001f251ae4c62f727e25a5adb2487b7b583c73bf5f3dc0f2dda2

    • SSDEEP

      24576:2e9nfmpSVmL+Cf72yb1SFEtEfPmY4uRD7HpUMhOw8ghE:lBmpSVmLfCDfPJ4cDFPhmghE

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Pikabot family

    • Suspicious use of SetThreadContext
