pikabot | cb0f3edc7178bb106bb934cae8d50162328feecb81b33c183bd8d26296cf1a88 | Triage

Sharing

General

Target

000ac83fe38ca68495fc023c4b449f86c9d71b9583e0a7b4713cdc246a67306c.zip
Size

622KB
Sample

240402-lylh1adh43
MD5

94b9915558097ada51de6c5354d6b127
SHA1

7e60f6bee2bf2866bd4144003f61d7ce893112ec
SHA256

cb0f3edc7178bb106bb934cae8d50162328feecb81b33c183bd8d26296cf1a88
SHA512

9eaf6d0fca36cc83c7705fcb222dacc2f5646999980796a3a6bb3eb7cffed0f63e8b54d68ee034163c618514c4257e7c39bee03a1edfe6b1413247d2f2bbf21e
SSDEEP

12288:LJa4igUOcyju5mjHWPm1zdAx2uHD68tme/L8udAQJBpkXdo1lna7XbH:LcpO45k2+1luO8MYL8JQJPkXyHa7rH

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  000ac83fe38ca68495fc023c4b449f86c9d71b9583e0a7b4713cdc246a67306c.exe
- Size
  
  1.4MB
- MD5
  
  188e1dc92136a378a1c6dad95abc87c1
- SHA1
  
  94f851e2bac770cd574289aa1a2b5fc8fb331b49
- SHA256
  
  000ac83fe38ca68495fc023c4b449f86c9d71b9583e0a7b4713cdc246a67306c
- SHA512
  
  a1d6fd727b29974398757daf982c306924ed65ecaf943ab408113f9575a87e94d6a3fb31abc22656cb6a32c7673bffd8f660c537df72a92f4219ac3873bf9269
- SSDEEP
  
  24576:o3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6:bmYqHU7pHYY00VcCDdowG3tMa6
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2