Backdoor Details – Binary Analysis Stage 1 injector
The analysis in this blog is based on the ZIP archive Advanced-ip-scanner.zip (SHA256: 7966ee1ae9042e7345a55aa98ddeb4f39133216438d67461c7ee39864292e015). The archive contains two files: Advanced-ip-scanner.exe, a renamed copy of the legitimate Microsoft executable oleview.exe (the OLE/COM Object Viewer), and IVIEWERS.dll, a 22 MB DLL that contains the stage-two payload. This DLL is padded with an unused […]
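The first thing a practitioner does with such an archive is confirm it is the sample the write-up describes and look at what sits beside the renamed EXE. The following added example (not code from the original post or from the malware authors) hashes an archive against the published SHA-256, lists its members, and flags the EXE/DLL pairing and the oversized DLL. The 20 MB threshold and the in-memory stand-in archive are assumptions constructed for the example; the stand-in reuses the two file names from the page with harmless contents, so its hash will not match the published one.

```python
import hashlib
import hmac
import io
import zipfile

# SHA-256 of the real Advanced-ip-scanner.zip, as stated on the page.
ADVANCED_IP_SCANNER_ZIP_SHA256 = (
    "7966ee1ae9042e7345a55aa98ddeb4f39133216438d67461c7ee39864292e015"
)

# Assumption for this example: a DLL of 20 MB or more next to a small EXE in a
# "scanner" download is unusual enough to flag for manual review.
LARGE_DLL_BYTES = 20 * 1024 * 1024


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Compare against the published hash; constant-time so the helper is safe to reuse in pipelines."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def list_members(zip_bytes: bytes) -> list:
    """Return name, uncompressed size and compressed size of every archive member."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [
            {"name": i.filename, "size": i.file_size, "compressed": i.compress_size}
            for i in zf.infolist()
        ]


def triage(zip_bytes: bytes, expected_hex: str) -> dict:
    """Hash the archive, list its members, flag an EXE+DLL sideloading pair and oversized DLLs."""
    members = list_members(zip_bytes)
    names = {m["name"].lower() for m in members}
    findings = []
    exes = [n for n in names if n.endswith(".exe")]
    dlls = [n for n in names if n.endswith(".dll")]
    if exes and dlls:
        findings.append(
            f"EXE/DLL pair in one archive ({', '.join(sorted(exes + dlls))}): "
            "candidate for DLL sideloading, check the EXE's import table for the DLL name"
        )
    for m in members:
        if m["name"].lower().endswith(".dll") and m["size"] >= LARGE_DLL_BYTES:
            ratio = m["compressed"] / m["size"] if m["size"] else 1.0
            findings.append(
                f"{m['name']}: {m['size']} bytes uncompressed, compresses to {ratio:.1%} of its size; "
                "a large DLL may carry a padded stage-two payload"
            )
    return {
        "sha256": sha256_hex(zip_bytes),
        "hash_matches": verify_sha256(zip_bytes, expected_hex),
        "members": members,
        "findings": findings,
    }


def build_sample_zip() -> bytes:
    """Constructed stand-in for the archive: same file names, harmless contents, DLL padded to 22 MB."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Advanced-ip-scanner.exe", b"MZ" + b"\x00" * 510)
        zf.writestr("IVIEWERS.dll", b"MZ" + b"\x00" * (22 * 1024 * 1024 - 2))
    return buf.getvalue()


if __name__ == "__main__":
    report = triage(build_sample_zip(), ADVANCED_IP_SCANNER_ZIP_SHA256)
    print("sha256:", report["sha256"], "matches published hash:", report["hash_matches"])
    for m in report["members"]:
        print(f"  {m['name']:<28} {m['size']:>10} bytes")
    for f in report["findings"]:
        print("  !", f)
```

Against the real archive, `triage(open("Advanced-ip-scanner.zip", "rb").read(), ADVANCED_IP_SCANNER_ZIP_SHA256)` should report `hash_matches: True`; a mismatch means you are looking at a different sample and the rest of the write-up may not apply.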
Pikabot appears to carry a binary version and a campaign ID: the keys 0fwlm4g and v2HLF5WIO are present in the JSON data, with the latter seemingly being the campaign ID. The malware creates a named pipe and uses it to temporarily store the additional host information it gathers by spawning the following processes: whoami.exe /all, ipconfig.exe /all […]
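The recon burst described above is the behaviour a detection engineer would key on: the same parent process spawning both `whoami /all` and `ipconfig /all` in quick succession. The following added example (not code from the original post) runs that logic over a handful of constructed process-creation records. The pipe-delimited record format, the 60-second window, and the choice of the renamed oleview.exe as the parent are assumptions made for the example; the page does not say which process the stage-two payload ends up running in, so in production the rule should not be tied to a particular parent image.

```python
from datetime import datetime, timedelta

# Recon commands the page lists: image name and the argument that must be present.
RECON_COMMANDS = {("whoami.exe", "/all"), ("ipconfig.exe", "/all")}
# Assumption for this example: all commands from one parent within 60 s is the trigger.
WINDOW = timedelta(seconds=60)


def parse_event(line: str) -> dict:
    """Parse one constructed process-creation record: ts|pid|ppid|parent_image|image|cmdline."""
    ts, pid, ppid, parent, image, cmdline = line.split("|", 5)
    return {
        "ts": datetime.fromisoformat(ts),
        "pid": int(pid),
        "ppid": int(ppid),
        "parent": parent,
        "image": image,
        "cmdline": cmdline,
    }


def recon_key(ev: dict):
    """Return the (image, flag) pair this event matches, or None if it is not a recon command."""
    image = ev["image"].rsplit("\\", 1)[-1].lower()
    args = [a.lower() for a in ev["cmdline"].split()[1:]]
    for img, flag in RECON_COMMANDS:
        if image == img and flag in args:
            return (img, flag)
    return None


def detect(lines) -> list:
    """Alert when one parent process spawns every RECON_COMMANDS entry inside WINDOW."""
    hits = {}
    for ev in map(parse_event, lines):
        key = recon_key(ev)
        if key:
            hits.setdefault((ev["ppid"], ev["parent"]), []).append((ev["ts"], key))
    alerts = []
    for (ppid, parent), seq in hits.items():
        seq.sort()
        for i, (start, _) in enumerate(seq):
            in_window = {k for ts, k in seq[i:] if ts - start <= WINDOW}
            if in_window == RECON_COMMANDS:
                alerts.append({"ppid": ppid, "parent": parent, "first_seen": start})
                break
    return alerts


# Constructed sample log: one burst from the renamed oleview.exe, plus admin noise from cmd.exe
# whose two recon commands are five minutes apart and so must not alert.
SAMPLE_LOG = [
    "2024-01-01T10:00:00|4120|3000|C:\\Windows\\explorer.exe|C:\\Users\\victim\\Downloads\\Advanced-ip-scanner.exe|Advanced-ip-scanner.exe",
    "2024-01-01T10:00:01|4130|4120|C:\\Users\\victim\\Downloads\\Advanced-ip-scanner.exe|C:\\Windows\\System32\\whoami.exe|whoami /all",
    "2024-01-01T10:00:02|4131|4120|C:\\Users\\victim\\Downloads\\Advanced-ip-scanner.exe|C:\\Windows\\System32\\ipconfig.exe|ipconfig /all",
    "2024-01-01T10:05:00|5001|900|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\ipconfig.exe|ipconfig /all",
    "2024-01-01T10:10:00|5002|900|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\whoami.exe|whoami /all",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"recon burst from pid {alert['ppid']} ({alert['parent']}) at {alert['first_seen']}")
```

Adding the named-pipe creation event (Sysmon event ID 17 on hosts running Sysmon) for the same process as a third required signal would raise the rule's precision further, at the cost of needing that telemetry.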
What is Extended Binary Coded Decimal Interchange Code (EBCDIC)? Extended Binary Coded Decimal Interchange Code (EBCDIC) is an eight-bit encoding scheme that standardizes how alphanumeric characters, punctuation and other symbols are interpreted by a computer’s operating system (OS) and applications. The encoding scheme is typically referenced by the EBCDIC acronym, which is pronounced either “ehb-suh-dik” […]
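A short added example (not part of the original page) shows what the encoding actually does: it translates text to and from EBCDIC using the code page Python ships in its standard library, and demonstrates the property that trips up code ported from ASCII, namely that the letters are not contiguous in EBCDIC. cp037 (IBM's EBCDIC US/Canada code page) is an assumption chosen as the reference variant; other EBCDIC code pages move some punctuation, but the letter and digit layout shown here is the same.

```python
# cp037 is IBM's EBCDIC US/Canada code page, available in Python's stdlib codecs (assumption: used as the reference variant).
EBCDIC = "cp037"
UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def to_ebcdic(text: str) -> bytes:
    return text.encode(EBCDIC)


def from_ebcdic(data: bytes) -> str:
    return data.decode(EBCDIC)


def code_points(text: str, encoding: str) -> list:
    """Byte value of each character of text in the given single-byte encoding."""
    return list(text.encode(encoding))


def gaps(text: str, encoding: str) -> list:
    """Pairs of consecutive byte values that are not adjacent; empty when the run is contiguous."""
    codes = code_points(text, encoding)
    return [(a, b) for a, b in zip(codes, codes[1:]) if b != a + 1]


def ascii_style_upper_check(byte: int) -> bool:
    """A naive port of the ASCII test 'A' <= c <= 'Z' to EBCDIC byte values (0xC1..0xE9). Wrong."""
    return 0xC1 <= byte <= 0xE9


def ebcdic_is_upper(byte: int) -> bool:
    """Correct test: decode the byte and compare against the alphabet, no range arithmetic."""
    return from_ebcdic(bytes([byte])) in UPPER


def find_keyword(keyword: str, data: bytes) -> bool:
    """An ASCII byte signature never matches EBCDIC data; decode first, then search."""
    return keyword in from_ebcdic(data)


if __name__ == "__main__":
    sample = to_ebcdic("Hello 1")
    print("EBCDIC bytes:", sample.hex())          # c8859393964 0f1 with cp037
    print("round trip:  ", from_ebcdic(sample))
    print("ASCII gaps in A-Z:", gaps(UPPER, "ascii"))
    print("EBCDIC gaps in A-Z:", [(hex(a), hex(b)) for a, b in gaps(UPPER, EBCDIC)])
    print("0xCA by ASCII-style range check:", ascii_style_upper_check(0xCA),
          "| by decoding:", ebcdic_is_upper(0xCA))
    print("raw b'SELECT' in EBCDIC data:", b"SELECT" in to_ebcdic("SELECT"),
          "| after decoding:", find_keyword("SELECT", to_ebcdic("SELECT")))
```

The gaps between I and J and between R and S are why range-based character classification, keyword filters and signatures written for ASCII must decode EBCDIC data before they can be trusted on mainframe-sourced input.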