pikabot | 6f81731020a9fb782476cf2a1ad6e2d69761c71b52136d050e753efb93105c52 | Triage

Sharing

General

Target

aab0e74b9c6f1326d7ecea9a0de137c76d52914103763ac6751940693f26cbb1.zip
Size

622KB
Sample

240402-lyv3fadh73
MD5

6c00fc41c6d4f2d6e6c35324687b5b7c
SHA1

84024387f362f5db28f97b607fd693a9acb2ccac
SHA256

6f81731020a9fb782476cf2a1ad6e2d69761c71b52136d050e753efb93105c52
SHA512

6f1a1e927e7c72bdb14df630c3477b1103c180495620fd42efbf5a7aa7c12ad225102e4d22c49a490e3ccf9b585f07dfa8ebd08849a960981a0bf6aca433482d
SSDEEP

12288:eo83LW8CSjH4sjOy3oIIrIWadLz3MjGvmpe7KgNRAhSNKZZ2rA9Fzq5tx:m7Flf3UTUH3iEIgNRISG2E95if

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  aab0e74b9c6f1326d7ecea9a0de137c76d52914103763ac6751940693f26cbb1.exe
- Size
  
  1.4MB
- MD5
  
  14389a809bd305dc1603ea636fd322f1
- SHA1
  
  9c2618ee0d0bc65989beec623cf3009422decf8c
- SHA256
  
  aab0e74b9c6f1326d7ecea9a0de137c76d52914103763ac6751940693f26cbb1
- SHA512
  
  4809d1d559e4f152eb674c877eb9b2f5d7568d5bac0d1a45450d4ca44b7267ea5965b9a7a87ffedf77bf1bca778dfc5a0704643a6fcf57cbc25a6f68f40400f6
- SSDEEP
  
  24576:v3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6D:ymYqHU7pHYY00VcCDdowG3tMa6D
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2