pikabot | 50bb5620a6fc53335c175ae74a6e5b5f63b2b3f64d459a17fe190e4e00ead36a | Triage

Sharing

General

Target

06032024_2347_3290.zip
Size

452KB
Sample

240306-s8mblsbg58
MD5

b2458c89a47ea7339ab86fdba16fbc63
SHA1

3298baf38963c3c23b17ec86a4b7d5ecbd458686
SHA256

50bb5620a6fc53335c175ae74a6e5b5f63b2b3f64d459a17fe190e4e00ead36a
SHA512

9e00ca24379d2c30734a02a29332443af8f20aac30cac356addb94bb92390f12059a64e34ae14dbf582512f5b8c6289c8eeb79ad8db99ef67cd18a1ef03f0a73
SSDEEP

12288:ae2ZfGZPPR2Ig0P+8k00XBCAWnkhnDfo/9XX:a7UZXRDGRjX3UV

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

154.53.55.165

158.247.240.58

154.12.236.248

Targets

- Target
  
  3290.png.dll
- Size
  
  840KB
- MD5
  
  72a127660a34aae5e734620f22a77a8a
- SHA1
  
  9fe5934370d801df2c1d340456de15931ae392a0
- SHA256
  
  326a84702468acaaa4b6aa0eecab55dcb8f443ddac5a6dfb66a4120a4e42ab49
- SHA512
  
  d2c2e7e6bae99cef36af68168c6809f4cdb03d332c5e0c505a70baac5941ddf3f3d6ee35f9e4fcd3c70e0630e7ac07a30f3398d00dba9b7632d1cf9071bcacb0
- SSDEEP
  
  24576:6e9nfmpSVmL+Cf72yb1SFEtEfPmY4uRD7HpUMhOw8ghE:pBmpSVmLfCDfPJ4cDFPhmghE
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  launcher.bat
- Size
  
  70B
- MD5
  
  70c96b6b962525522af80754c7bcd149
- SHA1
  
  53f0dfda950efc0accdf179c43df49ffc1709787
- SHA256
  
  98bb57008710d6606f39855433c3f080921cddcd23efa6862208fd8749258976
- SHA512
  
  830468a2ed9d2334a73381b833e6bbe2de79482efc20cb8e2af36522df57295e88efabe66e3b8b5310338eca44429817570220d7d5cf32285a05fb9d1a5a7dfb
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4