pikabot | 1e768f03915cceb60d00ed6c0566f072fe4616d46ff95f3b2cb070b4013bd8e4 | Triage

Sharing

General

Target

0e244c6cec7b9ffb12e2d0bca91ccd7a4633189e96b508ea32be7b9eccf186b3.zip
Size

622KB
Sample

240402-lyl5jadd61
MD5

44b3e32d43c74dcbcc7f89b0d5939be8
SHA1

213f32cdc9502cf34e62386fa9e4477f6294b2dd
SHA256

1e768f03915cceb60d00ed6c0566f072fe4616d46ff95f3b2cb070b4013bd8e4
SHA512

50d4ae5acc8b3dc74980cd38857b79f84962f66c63e69194e0dc5fcc55aa58d476482ba3568188f2d6b00008434efbd163c2f76bf5f21217e656ac3fb56471e4
SSDEEP

12288:DA7oZkLS2uEdlyIXQoIRhY7SPQbffFt4wap6b8juaKmXn/CvvZS5:kE/2Zly8Qo37SPQbffFt4wfbeuaKmPKG

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  0e244c6cec7b9ffb12e2d0bca91ccd7a4633189e96b508ea32be7b9eccf186b3.exe
- Size
  
  1.4MB
- MD5
  
  d4a85a8ca85271cffbd2ada694d3f009
- SHA1
  
  50cb1d688973a06b039471323e929bf54341bcf1
- SHA256
  
  0e244c6cec7b9ffb12e2d0bca91ccd7a4633189e96b508ea32be7b9eccf186b3
- SHA512
  
  b08fa0bb2e0837b8672b54ed763f6458f5c78f21f43f3d2f1b68a2dcc3f5a32725a38c88465e76d38f1d01819c49e768024d0b65624021e51fdb78bc2c964d2b
- SSDEEP
  
  24576:d3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6K:ImYqHU7pHYY00VcCDdowG3tMa6K
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2