pikabot | 114e164554fc107eddcf9fc71ffa791bc330597e7350a021bcdc3d4aabf7e6a8 | Triage

Sharing

General

Target

90856f462c1b28f7a692f1f39f7278b22eb8c06bbe83cd2186a1241724cfaabe.zip
Size

623KB
Sample

240402-lys8vadh64
MD5

66689c483447c49922511948f3052911
SHA1

e26ad483985f6eedd78b36e81562d9df00d9a4e0
SHA256

114e164554fc107eddcf9fc71ffa791bc330597e7350a021bcdc3d4aabf7e6a8
SHA512

951296ee8876613e9ea75d38b02e0e2b3f8a49159de6f721c0bdd76f5a41c9d8201364fc67c605d9f13e71113eb302f293ff69bd9aa4c7af8e99b2177b703787
SSDEEP

12288:Y9v0b0NB2ZJKpAybraqH0uXOi6x91sB9aqN1zR3aYrkJ/kpUgMU0J5gqZv:K02M2Ay3aQH6x9u9aK1zR3awkJ/ku60d

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  HJ.exe
- Size
  
  1.4MB
- MD5
  
  7a36e1ebf13b1950a75851bd95c6aabd
- SHA1
  
  68684e8fa82045bef1e132e0d4d9d215d4483c8f
- SHA256
  
  8eab535445ef91400fa8776ac3cef4f06c71a60832b8699db1fbccf8aacd5806
- SHA512
  
  0cd409b60d982cc549a91d9c7dd2b2b78ef169e0dbb0374f384cd8240cdc2078d29b6276d20994de1bbefffe499268b8941df87f00629b30ba8727f2f786dc0c
- SSDEEP
  
  24576:u3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6N:JmYqHU7pHYY00VcCDdowG3tMa6N
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2