pikabot | 4bf567412ef89abc49170c679ec348d69ea54b1cf87bbae16a840d250442a449 | Triage

Sharing

General

Target

a9677832e0b19aab863d243aec2245a0be5d916477bd58ae10b8674b912161b2.zip
Size

622KB
Sample

240402-lyvrnsdh69
MD5

50b44a417389edde2d6bdfe6126c9c51
SHA1

502ff9084a3b4a8db45a09f4ee1e3b1ce110ee54
SHA256

4bf567412ef89abc49170c679ec348d69ea54b1cf87bbae16a840d250442a449
SHA512

62571a68e9437c8a3c6dc6deac965e084d8ecd986ba986525aaaf05aaf2a05d12a6469375bf0abf4821fbff13469eec2a46c2da21c595bd8eb7616019d2ab77d
SSDEEP

12288:h2Pq/8mDAxhZQYw/Dw9EEyS/TthO9Ezk4VD0r2ZoUqD2Lf48uwcsUL9x+Ex:h2PqkmD8ZQ5E9Ew7twazfDPV62Lg8uYy

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  a9677832e0b19aab863d243aec2245a0be5d916477bd58ae10b8674b912161b2.exe
- Size
  
  1.4MB
- MD5
  
  20990f6ff64d31077fec22f640e7b67b
- SHA1
  
  9053e89a6d12f01aafe4d793065db6879168cba6
- SHA256
  
  a9677832e0b19aab863d243aec2245a0be5d916477bd58ae10b8674b912161b2
- SHA512
  
  5ed6de42e83525cb8d47b7ba195b2b5106c4efdf8fbe00da55d58b95c5c81a0a02846c544073390847806ad36ab3d288041548b4b1bc7b8cd437e5c0dcf8d03b
- SSDEEP
  
  24576:m3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6Z:BmYqHU7pHYY00VcCDdowG3tMa6Z
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2