General

  • Target

    DISTINCTIOQ.jar

  • Size

    337KB

  • Sample

    240423-ppf4psgc64

  • MD5

    e3201b7efe4dee74389d9c358f3c1798

  • SHA1

    560a5875a00a75829ce916564f6dc3eee13d2c42

  • SHA256

    267895bb452a1cc607155917f13672d66e394ec30e34f5689d427e6cd81ca15b

  • SHA512

    d90e4db4066625e48509225e3e4028187c40fe401afafef92e20e967ea3370d0b41b170658936781ca1e1ca68b6d02766f9d97b2f5c910e8d33731828bb5e21b

  • SSDEEP

    6144:nAqn4qfVev93QG4B9XQdKuPKwdWBsw3eO8RQrFXg3iWA5iHDXVP:AA4qfA93BdTk3OeFXg3iDWhP

Malware Config

Extracted

Family

pikabot

C2

https://45.76.251.190:5567

https://131.153.231.178:2221

https://95.179.135.3:2225

https://155.138.147.62:2223

https://86.38.225.109:13724

https://172.232.189.219:2224

https://198.44.187.12:2224

https://104.156.233.235:2226

https://103.82.243.5:13721

https://86.38.225.106:2221

https://45.32.248.100:2226

https://23.226.138.161:5242

https://37.60.242.85:9785

https://104.129.55.105:2223

https://45.32.21.184:5242

https://178.18.246.136:2078

https://108.61.78.17:13719

https://86.38.225.105:13721

https://172.232.189.10:1194

https://172.232.162.97:13719

Targets

    • Target

      DISTINCTIOQ.jar

    • Size

      337KB

    • MD5

      e3201b7efe4dee74389d9c358f3c1798

    • SHA1

      560a5875a00a75829ce916564f6dc3eee13d2c42

    • SHA256

      267895bb452a1cc607155917f13672d66e394ec30e34f5689d427e6cd81ca15b

    • SHA512

      d90e4db4066625e48509225e3e4028187c40fe401afafef92e20e967ea3370d0b41b170658936781ca1e1ca68b6d02766f9d97b2f5c910e8d33731828bb5e21b

    • SSDEEP

      6144:nAqn4qfVev93QG4B9XQdKuPKwdWBsw3eO8RQrFXg3iWA5iHDXVP:AA4qfA93BdTk3OeFXg3iDWhP

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

    • Loads dropped DLL

    • Modifies file permissions

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks