pikabot | 8c1b9f2bec77135d3a9ee685f5263ba2e89fc5df2e9c3bb1e4f03a7bcb4c439a | Triage

Sharing

General

Target

002068cbbe704d25bce0817632bc46e876591cfdaf9b159a007ae42754f76ca4.zip
Size

623KB
Sample

240402-lyltrsdd6z
MD5

143ab98de996d89cbe6c05d5115a8c6c
SHA1

8468c44c95eb070ccc3317d25d2099fbf34017f9
SHA256

8c1b9f2bec77135d3a9ee685f5263ba2e89fc5df2e9c3bb1e4f03a7bcb4c439a
SHA512

0426d59f978bf865d88ae16023e16a9ef1fa8eff464d2694389090a627425a7c197a928ffbf6de2a74bd7f9d661b857ce80cc8846e9f5f3cebaaf965b9d229ec
SSDEEP

12288:WIIjps0sNdi8inD7uQOsnN31hSxfdfOiC8KSMyoKULSVVuMrd:GV8KaQHN31hed48SKUeVVuMrd

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  ER.exe
- Size
  
  1.4MB
- MD5
  
  c38dd211b6f0360a53fc0c70fc6d3529
- SHA1
  
  7670dbdaa159f4f82777899836d09047d5d739fb
- SHA256
  
  be992d892d7448e2fe6d6bb0f6de72fbb247ef068e6cbb8c302a2486a8aceebb
- SHA512
  
  c9062f598fe4721e96c7224424939dfa3890dcb6025396f8a64a993d74b9e596bd330e9c2d8c624d36550626389a87e6281d057c1bf28d3da6314ba66c77e8ab
- SSDEEP
  
  24576:i3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6:tmYqHU7pHYY00VcCDdowG3tMa6
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2