General

  • Target

    f119f1e813cdb8dba30bd3348ef97cd8bf5213b3e1a9f25f008337e8b34eaee5msi.msi

  • Size

    1.5MB

  • Sample

    240923-vqyysstgqj

  • MD5

    5ba3dd339379dd640002ca9dee880ce0

  • SHA1

    d68b36f919b3f131f7c25c0d0cfa0ee22f79aa23

  • SHA256

    f119f1e813cdb8dba30bd3348ef97cd8bf5213b3e1a9f25f008337e8b34eaee5

  • SHA512

    3527a3f738e084c8522d8976594eb9d3d38642296b9794b6e58ea1a40850c52794e498fb72f997695d12aac800327370edccc2b6fcc97d3d4ab76b1ca4fb66ed

  • SSDEEP

    24576:A5LWW2cDo6vLV15xTHfCIr43Hm2pDA9mtByVcNPEuXggR89g:OKW306vLV15AFGJ9uB0cBRXfp

Malware Config

Targets

    • Target

      f119f1e813cdb8dba30bd3348ef97cd8bf5213b3e1a9f25f008337e8b34eaee5msi.msi

    • Detects PikaBot botnet

    • PikaBot

      PikaBot is a botnet, written in C++, that is distributed in much the same way as Qakbot.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext
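
To make the last three behavioural signatures concrete, here is an added example (not the sandbox's own signature code) that re-implements them as a small matcher over a constructed API trace. It assumes the "location settings" signature watches reads of the Windows GeoID key under `HKCU\Control Panel\International\Geo` (the report does not name the key), treats any root path of a drive letter other than C: as drive enumeration, and flags SetThreadContext only when the target thread lives in another process, which is the process-hollowing pattern the bare API name hints at; that last refinement is this example's choice, not something the report states. The trace, process IDs and API names below are constructed for illustration.

```python
"""Toy re-implementation of three sandbox behaviour signatures over a
constructed API trace. Added example; not the sandbox's own code."""
import re
from dataclasses import dataclass

# Assumption: the "location settings" check fires on reads of the Windows
# GeoID/country key. Both the numeric Nation value and the ISO Name value
# live under this key on current Windows versions.
GEO_KEY_RE = re.compile(
    r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.IGNORECASE)

# Root path of a fixed drive other than C:, e.g. "D:\" or "\\?\E:\"
NON_C_ROOT_RE = re.compile(r"^(?:\\\\\?\\)?([A-BD-Z]):\\$", re.IGNORECASE)


@dataclass
class Event:
    pid: int        # process that made the call
    api: str        # API name as the sandbox's hooks would record it
    args: dict      # relevant arguments only


@dataclass
class Hit:
    name: str       # signature name, matching the report's wording
    pid: int
    evidence: str


def scan(events):
    """Return one Hit per signature match; drive enumeration is reported once
    per process with the set of non-C: roots it touched."""
    hits = []
    drives_seen = {}
    for ev in events:
        if ev.api in ("RegQueryValueExW", "RegGetValueW"):
            path = ev.args.get("key", "") + "\\" + ev.args.get("value", "")
            if GEO_KEY_RE.search(path):
                hits.append(Hit("Checks computer location settings", ev.pid, path))
        elif ev.api in ("CreateFileW", "GetVolumeInformationW", "GetDriveTypeW"):
            m = NON_C_ROOT_RE.match(ev.args.get("path", ""))
            if m:
                drives_seen.setdefault(ev.pid, set()).add(m.group(1).upper())
        elif ev.api == "SetThreadContext":
            # Assumption of this example: rewriting the context of a thread in
            # another process (classic hollowing) is what makes the call
            # suspicious; same-process use is common in debuggers and runtimes.
            target = ev.args.get("target_pid")
            if target is not None and target != ev.pid:
                hits.append(Hit("Suspicious use of SetThreadContext", ev.pid,
                                f"target pid {target}"))
    for pid, drives in drives_seen.items():
        hits.append(Hit("Enumerates connected drives", pid, ",".join(sorted(drives))))
    return hits


# Constructed trace: pid 1234 behaves like the report describes, pid 999 is benign.
SAMPLE_TRACE = [
    Event(1234, "RegQueryValueExW",
          {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"}),
    Event(1234, "CreateFileW", {"path": "C:\\"}),          # default drive, ignored
    Event(1234, "GetDriveTypeW", {"path": "D:\\"}),
    Event(1234, "CreateFileW", {"path": "\\\\?\\E:\\"}),   # NT-style root path
    Event(1234, "SetThreadContext", {"target_pid": 4321}),
    Event(999, "RegQueryValueExW",
          {"key": r"HKEY_CURRENT_USER\Control Panel\International", "value": "sLanguage"}),
    Event(999, "SetThreadContext", {"target_pid": 999}),  # same process, not flagged
]

if __name__ == "__main__":
    for h in scan(SAMPLE_TRACE):
        print(f"[pid {h.pid}] {h.name}: {h.evidence}")
```

Run against the constructed trace it reports all three signatures for pid 1234 and nothing for pid 999; swap `SAMPLE_TRACE` for events parsed from a real sandbox API log to reproduce the report's behaviour section.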

MITRE ATT&CK Enterprise v15

Tasks