pikabot | 694d294bdba707dfd804c043d78d669b46cc91d73f8a7ad41655d6ac0d4748b2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4673b8db5634b2c632ccf32661ee0576ddb61d01ed329a894cc46edd777e362.zip
Size

622KB
Sample

240402-lywzqsdh82
MD5

69319b75c591ebdf7bd718f8d074e52e
SHA1

74644684d734476dded58b3940974fc86b69a7ea
SHA256

694d294bdba707dfd804c043d78d669b46cc91d73f8a7ad41655d6ac0d4748b2
SHA512

c32a6fee23329dc48c329027543d0a2c0de3822249372d35ac2faa355a19bd6758f77a24e615430cbb2589661d0c319a0b65ba40ee2c0dafc35aac4cb91199d4
SSDEEP

12288:ArPEN+JcdnXMWd7UCVhcEnRRdHPhJeZP61J9pUOr52FU/JbpSDKtFO6PhaN:AvN2UCPdR7Pv2U9d1PJbp2OO6+

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  f4673b8db5634b2c632ccf32661ee0576ddb61d01ed329a894cc46edd777e362.exe
- Size
  
  1.4MB
- MD5
  
  ab1d7f4a3f25241d2101479c6a49ec58
- SHA1
  
  78074f2088eb556166a0fb527d08552144d9fa5a
- SHA256
  
  f4673b8db5634b2c632ccf32661ee0576ddb61d01ed329a894cc46edd777e362
- SHA512
  
  06f85cab6e19640253af77c114ec188406ed08dc52383b96bf127157730742b1d91c6d68e5f5bfc91167173a4f59ecb7e010dba6555abb8435ccf869cc128ad3
- SSDEEP
  
  24576:H3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6U:qmYqHU7pHYY00VcCDdowG3tMa6U
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2