General
-
Target
DISTINCTIOQ.jar
-
Size
337KB
-
Sample
240423-ppf4psgc64
-
MD5
e3201b7efe4dee74389d9c358f3c1798
-
SHA1
560a5875a00a75829ce916564f6dc3eee13d2c42
-
SHA256
267895bb452a1cc607155917f13672d66e394ec30e34f5689d427e6cd81ca15b
-
SHA512
d90e4db4066625e48509225e3e4028187c40fe401afafef92e20e967ea3370d0b41b170658936781ca1e1ca68b6d02766f9d97b2f5c910e8d33731828bb5e21b
-
SSDEEP
6144:nAqn4qfVev93QG4B9XQdKuPKwdWBsw3eO8RQrFXg3iWA5iHDXVP:AA4qfA93BdTk3OeFXg3iDWhP
Malware Config
Extracted
pikabot
https://45.76.251.190:5567
https://131.153.231.178:2221
https://95.179.135.3:2225
https://155.138.147.62:2223
https://86.38.225.109:13724
https://172.232.189.219:2224
https://198.44.187.12:2224
https://104.156.233.235:2226
https://103.82.243.5:13721
https://86.38.225.106:2221
https://45.32.248.100:2226
https://23.226.138.161:5242
https://37.60.242.85:9785
https://104.129.55.105:2223
https://45.32.21.184:5242
https://178.18.246.136:2078
https://108.61.78.17:13719
https://86.38.225.105:13721
https://172.232.189.10:1194
https://172.232.162.97:13719
Targets
-
-
Target
DISTINCTIOQ.jar
-
Size
337KB
-
MD5
e3201b7efe4dee74389d9c358f3c1798
-
SHA1
560a5875a00a75829ce916564f6dc3eee13d2c42
-
SHA256
267895bb452a1cc607155917f13672d66e394ec30e34f5689d427e6cd81ca15b
-
SHA512
d90e4db4066625e48509225e3e4028187c40fe401afafef92e20e967ea3370d0b41b170658936781ca1e1ca68b6d02766f9d97b2f5c910e8d33731828bb5e21b
-
SSDEEP
6144:nAqn4qfVev93QG4B9XQdKuPKwdWBsw3eO8RQrFXg3iWA5iHDXVP:AA4qfA93BdTk3OeFXg3iDWhP
Score10/10-
PikaBot
PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
-
Loads dropped DLL
-
Modifies file permissions
-
Suspicious use of SetThreadContext
-