Resubmissions

07-05-2024 12:38

240507-pvdkrsga4z 10

16-10-2023 16:11

231016-tmwtlaab41 7

General

  • Target

    2ae853f0b83d3dffeaf192cb3e64209ad52bbfd5f0c41f85f1e1cea7217e3dc4

  • Size

    1.1MB

  • Sample

    240507-pvdkrsga4z

  • MD5

    e8edf6671952bf5eb4bfefd587ce565f

  • SHA1

    304254da810f4a1d1ce4377c7e71b3c3d5f2ce4e

  • SHA256

    2ae853f0b83d3dffeaf192cb3e64209ad52bbfd5f0c41f85f1e1cea7217e3dc4

  • SHA512

    1bbd29839d35f78594d74097b46379fe4812c238ea65760301b01454b32e3600f68901bef18b495047d48d3301d77767395d71feb150848882aa97aa42730189

  • SSDEEP

    24576:8AzEz9lPbnRQbenR3QzJwTIadRFD3YPKzJ7vFAjP/FrcBb/rq+T:8h5RLTBQNwTIalYPO9F8P/FmbzqK

Score
10/10

Malware Config

Targets

    • Target

      Birdman/Birdman.dll

    • Size

      1.8MB

    • MD5

      ec8db58467d8e2e2221635c592fcca1a

    • SHA1

      e0215d156d2dc59b6259fd5ff792dc740626c8fa

    • SHA256

      aebff5134e07a1586b911271a49702c8623b8ac8da2c135d4d3b0145a826f507

    • SHA512

      5aaf241388dbb343e059af4a0cfd4d7507189f0c94f415ba9b9d87791e5f2bf81a780f73e2bbc8bb39f90edc779987eb422192fb3facb4c0dae78c140cacb787

    • SSDEEP

      24576:FSfBk+9Zl7pC4HE+Y/lU/Z46vVJkWuQpJ53am1u46FxVDmdVxoejIF4UAVddHctD:6kFhgJ8m1u/CVxodFSfd+WC9J

    Score
    10/10
    • Detects PikaBot botnet

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

    • Suspicious use of SetThreadContext

    • Target

      Birdman/TZZ.pdf.lnk

    • Size

      1KB

    • MD5

      54801c419cd1468e340604dd320223d8

    • SHA1

      413c08277d29c965fb667a83af76d453004a15ed

    • SHA256

      d57082ddb6cffaa1b6ad658bba6d79f958a7ea8afbd1f4e1ddfdddb4a7145961

    • SHA512

      55a2e1d83e094c8b527ef782da54daa7863f4f17dc9213b1192359d550cbb6f7dd5cc24412ba3a72a7d405df9c2c58ba4d1f64cc640775bb82777840d0b8e6b7

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks