pikabot | a833610afa0a6308a50a55b77f07a9043c3fceedf8ac23fc434b056a786e6d7f | Triage

Sharing

General

Target

8eab535445ef91400fa8776ac3cef4f06c71a60832b8699db1fbccf8aacd5806.zip
Size

622KB
Sample

240402-lysx3sdh63
MD5

80558c17bf9206670049bdc851e16ddc
SHA1

098aae51e8d5f8767b4a3773021640e4b2a917e9
SHA256

a833610afa0a6308a50a55b77f07a9043c3fceedf8ac23fc434b056a786e6d7f
SHA512

860e2aa50a84e663e250a8564731f4f7890860efd1215407389ec52d90ba99c63ffd910d641a16ca16e2c9b2e2e316c7dba09b3fc813f692e87ea66c8863b708
SSDEEP

12288:RPnC13JdDm9kWYDpsC5Z3cqZnQfWtKY/8uNmcYCGVA2ZS3a119Rw:RcJJm2ZHjzZngFuOCGKGBE

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  8eab535445ef91400fa8776ac3cef4f06c71a60832b8699db1fbccf8aacd5806.exe
- Size
  
  1.4MB
- MD5
  
  7a36e1ebf13b1950a75851bd95c6aabd
- SHA1
  
  68684e8fa82045bef1e132e0d4d9d215d4483c8f
- SHA256
  
  8eab535445ef91400fa8776ac3cef4f06c71a60832b8699db1fbccf8aacd5806
- SHA512
  
  0cd409b60d982cc549a91d9c7dd2b2b78ef169e0dbb0374f384cd8240cdc2078d29b6276d20994de1bbefffe499268b8941df87f00629b30ba8727f2f786dc0c
- SSDEEP
  
  24576:u3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6N:JmYqHU7pHYY00VcCDdowG3tMa6N
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2