Overview

overview

10

Static

static

3

Birdman/Birdman.dll

windows7-x64

1

Birdman/Birdman.dll

windows10-2004-x64

10

Birdman/TZZ.pdf.lnk

windows7-x64

3

Birdman/TZZ.pdf.lnk

windows10-2004-x64

7

Resubmissions

07-05-2024 12:38

240507-pvdkrsga4z 10

16-10-2023 16:11

231016-tmwtlaab41 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ae853f0b83d3dffeaf192cb3e64209ad52bbfd5f0c41f85f1e1cea7217e3dc4

  • Size

    1.1MB

  • Sample

    240507-pvdkrsga4z

  • MD5

    e8edf6671952bf5eb4bfefd587ce565f

  • SHA1

    304254da810f4a1d1ce4377c7e71b3c3d5f2ce4e

  • SHA256

    2ae853f0b83d3dffeaf192cb3e64209ad52bbfd5f0c41f85f1e1cea7217e3dc4

  • SHA512

    1bbd29839d35f78594d74097b46379fe4812c238ea65760301b01454b32e3600f68901bef18b495047d48d3301d77767395d71feb150848882aa97aa42730189

  • SSDEEP

    24576:8AzEz9lPbnRQbenR3QzJwTIadRFD3YPKzJ7vFAjP/FrcBb/rq+T:8h5RLTBQNwTIalYPO9F8P/FmbzqK

Score
10/10
pikabotbotnet

Malware Config

Targets

    • Target

      Birdman/Birdman.dll

    • Size

      1.8MB

    • MD5

      ec8db58467d8e2e2221635c592fcca1a

    • SHA1

      e0215d156d2dc59b6259fd5ff792dc740626c8fa

    • SHA256

      aebff5134e07a1586b911271a49702c8623b8ac8da2c135d4d3b0145a826f507

    • SHA512

      5aaf241388dbb343e059af4a0cfd4d7507189f0c94f415ba9b9d87791e5f2bf81a780f73e2bbc8bb39f90edc779987eb422192fb3facb4c0dae78c140cacb787

    • SSDEEP

      24576:FSfBk+9Zl7pC4HE+Y/lU/Z46vVJkWuQpJ53am1u46FxVDmdVxoejIF4UAVddHctD:6kFhgJ8m1u/CVxodFSfd+WC9J

    Score
    10/10
    pikabotbotnet

    • Detects PikaBot botnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

      botnetpikabot

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Birdman/TZZ.pdf.lnk

    • Size

      1KB

    • MD5

      54801c419cd1468e340604dd320223d8

    • SHA1

      413c08277d29c965fb667a83af76d453004a15ed

    • SHA256

      d57082ddb6cffaa1b6ad658bba6d79f958a7ea8afbd1f4e1ddfdddb4a7145961

    • SHA512

      55a2e1d83e094c8b527ef782da54daa7863f4f17dc9213b1192359d550cbb6f7dd5cc24412ba3a72a7d405df9c2c58ba4d1f64cc640775bb82777840d0b8e6b7

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

1
T1012

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks