pikabot | 158fdba70381175b6ee433de24f0802bef5de2b16965a68a88dde81092e0901b | Triage

Sharing

General

Target

7e4c7aab11985cb490f2792defcf57a11b4a5fb0d4410ba002439c540ce53296.zip
Size

622KB
Sample

240402-lyn9wsdh56
MD5

74820813fb8fc7644ce83c38a942cd21
SHA1

1a5dc346d28be8e12da3a7a8d7597d63c8e992c2
SHA256

158fdba70381175b6ee433de24f0802bef5de2b16965a68a88dde81092e0901b
SHA512

25451b3eb792cd1096ee5806577519ed1c50a27def03fbcee49f693423301b2dc4679cc1cf830a72f6e2dfc54836e7915abae89444b9e89a194020586d1d6c0f
SSDEEP

12288:es6daGqO6oBllUp2IdZc0O8HB7A8G6n37/jgokACiOhbWWB:t6IGMSllpIdZkgSwL7/ciOhbR

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  7e4c7aab11985cb490f2792defcf57a11b4a5fb0d4410ba002439c540ce53296.exe
- Size
  
  1.4MB
- MD5
  
  cf4bc87ba864d0ebf69434b63e7ed59b
- SHA1
  
  43e104dc7fc474b0f1b7cc0814578b2505b2298b
- SHA256
  
  7e4c7aab11985cb490f2792defcf57a11b4a5fb0d4410ba002439c540ce53296
- SHA512
  
  9efe4af32cd8071f5b42efc21b5f96d97954ae942ce4f2ce93a7d654db619918608b18227ead2130faaf90872e4c7c6b2ce4956fd80669f1e31ddaa4404e89e4
- SSDEEP
  
  24576:P3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6s:SmYqHU7pHYY00VcCDdowG3tMa6s
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2