pikabot | 92153e88db63016334625514802d0d1019363989d7b3f6863947ce0e490c1006 | Triage

Sharing

General

Target

92153e88db63016334625514802d0d1019363989d7b3f6863947ce0e490c1006
Size

1.2MB
Sample

231113-mg5qzsce87
MD5

de387211ce4d850475df9c828ebd5cb6
SHA1

1be0957d4bc3dee90f43ef6b2c4a6045a6511dfc
SHA256

92153e88db63016334625514802d0d1019363989d7b3f6863947ce0e490c1006
SHA512

95dcf113aa5f532493eae8ccd208f7f64611f18465a8d52fd6caab66c178d352dd230775342298240d6e78fb27e7adaa92fb8b076a49f23ed7c4722d4fc2f003
SSDEEP

24576:tvr+qtKbfCGLovhM2he3og6p6tOs1CTvmO4Kr5x+1kxjq0cnccy:M5CPjKjLCTvm0oqxdv

Score

10^/10

pikabot botnet persistence

Malware Config

Targets

- Target
  
  92153e88db63016334625514802d0d1019363989d7b3f6863947ce0e490c1006
- Size
  
  1.2MB
- MD5
  
  de387211ce4d850475df9c828ebd5cb6
- SHA1
  
  1be0957d4bc3dee90f43ef6b2c4a6045a6511dfc
- SHA256
  
  92153e88db63016334625514802d0d1019363989d7b3f6863947ce0e490c1006
- SHA512
  
  95dcf113aa5f532493eae8ccd208f7f64611f18465a8d52fd6caab66c178d352dd230775342298240d6e78fb27e7adaa92fb8b076a49f23ed7c4722d4fc2f003
- SSDEEP
  
  24576:tvr+qtKbfCGLovhM2he3og6p6tOs1CTvmO4Kr5x+1kxjq0cnccy:M5CPjKjLCTvm0oqxdv
Score

10^/10

pikabot botnet persistence
- Detects PikaBot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

pikabotbotnetpersistence