General

  • Target

    ca5fb5814ec62c8f04936740aabe2664b3c7d036203afbd8425cd67cf1f4b79d

  • Size

    1.3MB

  • Sample

    241025-vxf2kascnd

  • MD5

    fd379c5ed778ea1000da0b8c9458f7f8

  • SHA1

    59fa8241388e3020e3f539ffbe3892332b59cd93

  • SHA256

    ca5fb5814ec62c8f04936740aabe2664b3c7d036203afbd8425cd67cf1f4b79d

  • SHA512

    9de54ef1a15a70dcf266d24685b2c1e259170973a6c61033289303258f63e41cda1aa53335a91f8317a5963ede47a805c29dbe3f69c80f71a716515616669472

  • SSDEEP

    24576:7yTiqxhwB8ow5KiPUIRCv1N4JFMl2K1WKT3IDC95ag62:7yTiqxhw1rx1mY1Wm4DCOg62

Malware Config

Extracted

Family

pikabot

C2

Targets

    • PikaBot

      PikaBot is a botnet that is distributed similarly to Qakbot and written in C++.

    • Pikabot family

    • Suspicious use of SetThreadContext