pikabot | ce229ce6a57f1c3b7c1ebd39d83032165bf21027e58e5cba133fa92e0df32c0d | Triage

Submit
Reports

Overview

overview

Static

static

3

AlmiqueArt...b3.dll

windows7-x64

3

AlmiqueArt...b3.dll

windows10-2004-x64

3

launcher.bat

windows7-x64

1

launcher.bat

windows10-2004-x64

Sharing

General

Target

20112023_2233_AlmiqueArtilleryman_pkb3.zip
Size

967KB
Sample

231120-rw5fzshd6w
MD5

a8fae5bf2769be2aadcf3940030c31cc
SHA1

bf6327af159c5378c9096773c2d5625af3bfe267
SHA256

ce229ce6a57f1c3b7c1ebd39d83032165bf21027e58e5cba133fa92e0df32c0d
SHA512

7bbf3858977d053ff2cd1f5c5a74843d41a4201548482f108e55ebbb99b67237ee6f2c83f15c1062e0a1e919d082e46733bec6b9d46112ca3fdef0fc7f3009d9
SSDEEP

24576:fU/8/RRSnYRTO2R4iXksPXD+6AjZ+J2CN5HGHoMm:fUE/in6O84i0WujZa5Mm

Score

10^/10

pikabot botnet

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

AlmiqueArtilleryman_pkb3.dll

Resource

win7-20231020-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

AlmiqueArtilleryman_pkb3.dll

Resource

win10v2004-20231023-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

launcher.bat

Resource

win7-20231023-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

launcher.bat

Resource

win10v2004-20231020-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  AlmiqueArtilleryman_pkb3.dll
- Size
  
  1.4MB
- MD5
  
  d0256fa105e5efb3be92980c37bec56a
- SHA1
  
  94a483168ded4bd365e5d895eeaf6617eceb15aa
- SHA256
  
  3afd0ec9ff87802fecb70c64bf0c0b86081bd909b9b649f902931964d585632a
- SHA512
  
  7f2f7b4a1be93cddd9f769b0cfbae6384e802cf4d3826674f778419b58e9c115f99632d11e23e9541c17149da40b77d410834a841744e74047d2a30aa2f74feb
- SSDEEP
  
  24576:RSK7rGFAMXNQi2h3ErhPirNiX60lpYA/58c8thHBALNu4hOx3jMG:veFPdqNiK9AkBiXEjMG
Score

3^/10
behavioral1 behavioral2
- Target
  
  launcher.bat
- Size
  
  82B
- MD5
  
  57a97b0b1b4d1f1418acb99e27c61423
- SHA1
  
  bd9a011eeaf67e32a0242675ee2214105947a408
- SHA256
  
  aa64b11b87f40593764f6b9a9fb2b87ab0cce1059305834862be0a5844308b7d
- SHA512
  
  c72c6cdd07d9ee843d2bdc7a5eb19e3c29caf2781535b6ceafcf3a0cc63ef2ca57cc26da9b9c7e6ae08e031295c9fb6651a86e7d0502715a6fbddde53417b466
Score

10^/10

pikabot botnet
- Detects PikaBot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy