General

  • Target

    2024-07-27_6a4b5a1fc48d7a85fe0a1ee8290e42b7_icedid

  • Size

    1.3MB

  • Sample

    240727-bjag3szdrg

  • MD5

    6a4b5a1fc48d7a85fe0a1ee8290e42b7

  • SHA1

    45faa50e3f66880615ddc8dba97e0cffea61a55e

  • SHA256

    2a3b2ff71f16b23e21aa9855139553509476d9f80f99d509fe0ba2c66fb9acda

  • SHA512

    e429100ccca6bd84685c6b4990c75f01f8bc1b37666706bc345c865ad66b03f01cfa0ce6c73d9262f955dc02a3230ac5b1ca6da27983cc7530fdafe4a0f6e39c

  • SSDEEP

    12288:2jwHlbKaWY6oL1T0uwJ34dW/QtQF5KXGOTBwfRzPZ15HVCjkNMOuEFcd+wtZqA8s:2yHC/QtQF5kGXZPY+1BFc2AZoyLtkwx

Malware Config

Extracted

Family

pikabot

C2

https://158.220.95.214:5243

https://64.23.199.206:1194

https://172.232.208.90:2223

https://213.199.41.33:13721

https://194.233.91.144:5000

https://158.220.95.215:5242

https://84.247.157.112:13719

Targets

    • Target

      2024-07-27_6a4b5a1fc48d7a85fe0a1ee8290e42b7_icedid

    • Size

      1.3MB

    • MD5

      6a4b5a1fc48d7a85fe0a1ee8290e42b7

    • SHA1

      45faa50e3f66880615ddc8dba97e0cffea61a55e

    • SHA256

      2a3b2ff71f16b23e21aa9855139553509476d9f80f99d509fe0ba2c66fb9acda

    • SHA512

      e429100ccca6bd84685c6b4990c75f01f8bc1b37666706bc345c865ad66b03f01cfa0ce6c73d9262f955dc02a3230ac5b1ca6da27983cc7530fdafe4a0f6e39c

    • SSDEEP

      12288:2jwHlbKaWY6oL1T0uwJ34dW/QtQF5KXGOTBwfRzPZ15HVCjkNMOuEFcd+wtZqA8s:2yHC/QtQF5kGXZPY+1BFc2AZoyLtkwx

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks