pikabot | d165c3a8a173f6ca5b05a9c407376cd3c694a023c20a065d72f60d1940c390bf | Triage

Sharing

General

Target

fb13f1443013b5a4108b79253487506b9fbf572cf9c7fb1dc8c098da71545edc.zip
Size

622KB
Sample

240402-lyxk9sdd9v
MD5

297d6bd7bc292553c9c51ae9715d28cb
SHA1

cab17fbec7b8fcca4caccc455a085003d5acb57b
SHA256

d165c3a8a173f6ca5b05a9c407376cd3c694a023c20a065d72f60d1940c390bf
SHA512

8677679f8be4bd12d358138ef02cf93c27c7f971b0aea38aba56f36279e0a484889e712df3c4e7a1699d00070bf990ed17cfc812873bf05b76a3ccaebe4ec5ad
SSDEEP

12288:ErQS2HidizHCgMNsVIH1ND29O9X7su9Svys3HA12IxzVY6yCkHIYonr0YpD5ISZg:IdVg44CND2/u9il3q2IxwL7yoYTlg

Score

10^/10

pikabot botnet

Malware Config

Extracted

Family

pikabot

C2

109.199.99.131

154.38.175.241

23.226.138.143

23.226.138.161

145.239.135.24

178.18.246.136

141.95.106.106

104.129.55.105

57.128.165.176

Targets

- Target
  
  fb13f1443013b5a4108b79253487506b9fbf572cf9c7fb1dc8c098da71545edc.exe
- Size
  
  1.4MB
- MD5
  
  6f21cb2e1cc2b7a411f3c1ec17476737
- SHA1
  
  152e4851a2dbb853c7d17a36575a470c59b5a805
- SHA256
  
  fb13f1443013b5a4108b79253487506b9fbf572cf9c7fb1dc8c098da71545edc
- SHA512
  
  15a9506519ab5b78cd31dfcae4757db83277ca7b3c4c9a0e72d517116dd2c2cc3c157d1591bb337ae713f9fc13f140b26a013e634e9a1270237de797fcaf2e4b
- SSDEEP
  
  24576:d3dhgAYmYqHU7pHYev00V6dCDdoVYdGp8VTALtMa6x:ImYqHU7pHYY00VcCDdowG3tMa6x
Score

10^/10

pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2