General

  • Target

    bd86c0f01b0d86549f84b2436201a011de027dabf508e0ebca183f8497d33b03

  • Size

    200KB

  • Sample

    241010-npjzxsvcrc

  • MD5

    30fc42a45456c2794588c76efd682422

  • SHA1

    d442065cd24ee151b2890b214ae09d1dc76c5011

  • SHA256

    bd86c0f01b0d86549f84b2436201a011de027dabf508e0ebca183f8497d33b03

  • SHA512

    2a44918be42a563a3e2b7a10a83e51ef5cca12fce44ce3b3b2a40412926eb748043b73962c860744a045cb329dfcad7f16fcc186f1c16f1de6474c49b601cb15

  • SSDEEP

    3072:ACDGhaOm6x8CM/84jrYMPghFfkEiAtPUJ/zVHBoZx0fTR2MIpkWE7h:XyDJm/tj7PghCq0f

Malware Config

Extracted

Family

pikabot

C2


Targets

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks