pikabot | 4b2e1baebfe04cb86c9690d4d5eadb7e537279caffd3738373a91e81cab7f739 | Triage

Resubmissions

20-11-2023 06:45

231120-hjcqrseh9y 10

19-11-2023 02:12

231119-cnbrdage27 3

Sharing

General

Target

7692f2a72e44e0784d2efcc0bc14428d.bin
Size

1.1MB
Sample

231120-hjcqrseh9y
MD5

99c4d151469466d7b8d0879f848f98b2
SHA1

23741bbb335c29ceaaa012dbecc7f70132dad9ac
SHA256

4b2e1baebfe04cb86c9690d4d5eadb7e537279caffd3738373a91e81cab7f739
SHA512

d84e31fa0114a69eb9d91643855371ae0756a86d7dae3778e7aceb747f883a632868334a282e01018127220eef94beec5c83532a716c0cdfce19177a943cdd8d
SSDEEP

24576:4TL61Hd9Glyu537mTbdc3RAYm2kD5Io3JqOBRlCm5DbAh0uih:4n61Hd9W5aTaAY65R0IRgubAh03

Score

10^/10

pikabot botnet

Malware Config

Targets

- Target
  
  5e12c313a6acc3324af1a3e8edf060338b3e8432e031e4fda7d3787b5119683f.dll
- Size
  
  1.6MB
- MD5
  
  7692f2a72e44e0784d2efcc0bc14428d
- SHA1
  
  a45d24c73f7d24c256f811d180d58ad7471a7faa
- SHA256
  
  5e12c313a6acc3324af1a3e8edf060338b3e8432e031e4fda7d3787b5119683f
- SHA512
  
  a6181b8668606ec1571ac01052ce09456f884aeefabca85f850366a68550a810e5a3a39943cb79bf0e85fe63d2a125afaad2fb6a1bf33ffadd354b3537c7eff3
- SSDEEP
  
  24576:JeC6d4Qm5o9dF1rT/ygBLOiaucihUZ5tU80IYabEnNSeyPUFrPmnrw13QiGGAK8Z:IvZ9djrT/HLlvIYabSymLyQYGAHgO
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1