pikabot | 1b856a4e1aa8be60c26ec28c906f52cd5db4fbd283e95710a457bd29e4008f08 | Triage

Sharing

General

Target

887594ca6a20bf67064c0f2bf0db1246ab54236df3fadb7162ac8290d40b1798.zip
Size

622KB
Sample

240402-lypknadd71
MD5

685a560e6221a0bc7cccf50daca64fb8
SHA1

9ec7c5a0bc0b4aebc9aa88f41499afcc0fa858ed
SHA256

1b856a4e1aa8be60c26ec28c906f52cd5db4fbd283e95710a457bd29e4008f08
SHA512

7c8d7981beea0d48eeb683f14ef81d18963da0944fd7948bfd8b12fd3dad62d0bec37d0500145b9c7f3c12ffd7c040b6e0e52876b35c1cc01c0f0cb1415b1b02
SSDEEP

12288:DnhFMXsW4XrUFWWdzxKT1AEzIppWcuniZrhJG7qmOqmNj:DgZUWtdzxKTZEe1nMYzqt

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  887594ca6a20bf67064c0f2bf0db1246ab54236df3fadb7162ac8290d40b1798.exe
- Size
  
  1.4MB
- MD5
  
  2677fd95e54293517c0bc79fdd108f34
- SHA1
  
  278e973250198ccfcd4789c8f4951e8d9fe1ff84
- SHA256
  
  887594ca6a20bf67064c0f2bf0db1246ab54236df3fadb7162ac8290d40b1798
- SHA512
  
  cf9a96fb75eb780b4111d48417d1d9a1373372e4a8a678a0acf1a2399d31a3d7e89b1088ab418860f95c4d1da5820c013fb94af45b2a2638b4d75ea253527de3
- SSDEEP
  
  24576:63dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6L:FmYqHU7pHYY00VcCDdowG3tMa6L
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2