pikabot

General

Target

a71144abab2790e16b0dd0474665bafe519621ebf17d417bf92723234e22917a.zip
Size

623KB
Sample

240223-rmnf4sah83
MD5

23065e446546e035e82468a124151caa
SHA1

68d1ac0296180351e2ee9bcd3b425025f46582e6
SHA256

dbedfc209a3b2637467adcbf344d88e7eb90dd20eb141e086a6712229347729a
SHA512

2afd484a41b077e21b282b1e028141841f33079cc08ede260eb196582a3e345ce92105b3bfd6db9b60bdc0e4df1ee45cb8cc80dd6f33a4492acb234f570fa21a
SSDEEP

12288:D4Kc5ZcY/i3DuPubIXsyD+n0gpfF1aT0aX3hKQgtRjb/zIRUytJp:UKcMP3DsOIvgpd1kDXxKQgtBUUytf

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  EK.exe
- Size
  
  1.4MB
- MD5
  
  ea47545ac9ca1b7915b8567c84ef6f47
- SHA1
  
  961f43b020e27b8bc66de92ca73c52759af78bb0
- SHA256
  
  60ffa2a4c96b8f2a95602fc190cabedf4c5860f8514a648b601f0a96fc6da7de
- SHA512
  
  0936ea4e1a926c8eee1614302077585aa60070b265e861be56da62aa2a6d7ecc823934b3bc833f00c7c884628b69a0f737e5bf21248b6328ab08891457ddc33e
- SSDEEP
  
  24576:D3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6O:2mYqHU7pHYY00VcCDdowG3tMa6O
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2