pikabot | ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da[.]exe

General

Target

ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe
Size

325KB
MD5

f207a52477086eaf27141c780530336d
SHA1

cb3ea1f333d8b80b5ddda33bb1366a46b22dbeaa
SHA256

ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da
SHA512

65d4487f3b0d38f1c0b09b9f770048d29881db7628f97bde0d1a74895d1bb9113a2bd9ef60852336f238ec8e58ae2ef64a72de4b1fc78eaa00c746513aa72d71
SSDEEP

6144:sbjgxWB7mwVBDJVxqrU8eLgL02n8ifnC8nlBe:sbx9mwzlVxqr1ep28ECilB

Score

10^/10

pikabot

Malware Config

Extracted

Family

pikabot

C2

45.32.188.56:2967

154.221.30.136:13724

78.141.222.198:13786

216.128.136.231:13786

108.61.224.209:2967

139.84.235.8:2225

45.32.235.46:5242

210.243.8.247:23399

192.248.151.140:23399

Signatures

Detects PikaBot botnet 1 IoCs

Processes:

resource yara_rule

sample family_pikabot_v2
Pikabot family
pikabot

resource	yara_rule
sample	family_pikabot_v2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe

Files

ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe
.exe windows:6 windows x86 arch:x86

df9a4b633da6240db7237139a3412baa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
SetLastError
GetCurrentProcess
GetUserDefaultLangID
GetLargePageMinimum
lstrlenA
IsValidCodePage
GetTickCount
GetProcessHeap
GetModuleHandleA
GetLastError
GetCommandLineA

user32

IsZoomed
IsWindow
GetLastActivePopup
GetMessageTime
GetMessageExtraInfo
GetTopWindow
GetDialogBaseUnits
GetWindowTextLengthA

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

df9a4b633da6240db7237139a3412baa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 302KB - Virtual size: 302KB

.data Size: 8KB - Virtual size: 7KB

.idata Size: 1024B - Virtual size: 622B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 302KB - Virtual size: 302KB

.data
Size: 8KB - Virtual size: 7KB

.idata
Size: 1024B - Virtual size: 622B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 9KB