General

  • Target

    7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e.zip

  • Size

    630KB

  • Sample

    240403-xng9daab69

  • MD5

    48d2462d9909c469c77a9f2cdd6e5a52

  • SHA1

    3d4811e66f96ec755ae6e4fd21efa3b0969a7812

  • SHA256

    e870524c78cc42950cfa7ee6e826343e6eae70988701f54374e8effc3c9364ef

  • SHA512

    66e4d7ae6cfafd9ba312251db02e3c82957c6a4757891afbc74321e81a6bc820d78e63f64e2fb89a2ab731d1c5c58ba192828da3c921a36d49c4120081ddda09

  • SSDEEP

    12288:NzH+YIv2rj89bbSxweQYTl3vf402T/Hoh57UKElby6dlNcwyrB1+Pvp3x:xeYIurjcbbot3vfaCXExl6NQ1x

Malware Config

Extracted

Family

pikabot

C2

Targets

    • Target

      7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e.exe

    • Size

      1.3MB

    • MD5

      3e56975127f436aa5e8a9b9c7af5eb23

    • SHA1

      acbf171b31c25a66d7af44bf9e1f5666acaa3f2c

    • SHA256

      7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e

    • SHA512

      f1a2d4dcc0531ee08c3b5e407b7e250743c15d0e2f320a9d74e933a94791d1185a9dc6f5f28b9e3bc8bbc364b3c98fc72e936c45b88279c773ea4507e24b3e9f

    • SSDEEP

      12288:2jwHlbKaWY6oL1T0uwJ34dW/QtQF5KXGOTBwfRzPZ15HVCjkNMOuEFcd+wtZqA8s:2yHC/QtQF5kGXZPY+1BFc2AZoyLtkwx

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Pikabot family

    • Suspicious use of SetThreadContext
