pikabot | f207a52477086eaf27141c780530336d[.]bin

General

Target

f207a52477086eaf27141c780530336d.bin
Size

177KB
MD5

9dce3a296a667d3398326a3daf4857fe
SHA1

69532a363dc42567ea85f858f7d065f19e4518aa
SHA256

aece5dbd22972c1c97f1b77c3843751b7b83c52b190518d0e23acd4136f8a074
SHA512

76ceb9166e1ee605e60912ebdc1367db13662c881ce263481744c1f75709953cea04aa660baa8add2d37ec0241653fd58b12a69b32c9bff3f14015021c1419a0
SSDEEP

3072:oYN4VMsnAa0AooCePALQIr/I6Q4eQNJF3AEwwt3d/vjmXrd97OLnjwYkwu:oYsPAa0AoTeP+QIr/I6Q43B33wwD/q7T

Score

10^/10

pikabot

Malware Config

Extracted

Family

pikabot

C2

45.32.188.56:2967

154.221.30.136:13724

78.141.222.198:13786

216.128.136.231:13786

108.61.224.209:2967

139.84.235.8:2225

45.32.235.46:5242

210.243.8.247:23399

192.248.151.140:23399

Signatures

Detects PikaBot botnet 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe	family_pikabot_v2

Pikabot family
pikabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe

Files

f207a52477086eaf27141c780530336d.bin
.zip

Password: infected
ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe
.exe windows:6 windows x86 arch:x86

Password: infected

df9a4b633da6240db7237139a3412baa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
SetLastError
GetCurrentProcess
GetUserDefaultLangID
GetLargePageMinimum
lstrlenA
IsValidCodePage
GetTickCount
GetProcessHeap
GetModuleHandleA
GetLastError
GetCommandLineA

user32

IsZoomed
IsWindow
GetLastActivePopup
GetMessageTime
GetMessageExtraInfo
GetTopWindow
GetDialogBaseUnits
GetWindowTextLengthA

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

df9a4b633da6240db7237139a3412baa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 302KB - Virtual size: 302KB

.data Size: 8KB - Virtual size: 7KB

.idata Size: 1024B - Virtual size: 622B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 302KB - Virtual size: 302KB

.data
Size: 8KB - Virtual size: 7KB

.idata
Size: 1024B - Virtual size: 622B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 9KB