Overview

overview

10

Static

static

10

pikabot.exe

windows7-x64

10

pikabot.exe

windows10-2004-x64

10

Resubmissions

22-06-2024 17:36

240622-v6w45swhkc 10

16-11-2023 07:55

231116-jr41nahf9v 3

15-11-2023 14:30

231115-rvbghsbd22 3

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-06-2024 17:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pikabot.exe

  • Size

    306KB

  • MD5

    a12001230dd6f5ca67f7935bcfdcd650

  • SHA1

    fd39ca7366ca63f15a6e61e2cbda9195077a83b6

  • SHA256

    39d6f7865949ae7bb846f56bff4f62a96d7277d2872fec68c09e1227e6db9206

  • SHA512

    224d6c55953440d894d84787a88f6230964a9ec44f323dcdc49ebd9722cc5426719f36d202b586f408d0bd8d4e1502ba7edbb9037c500b1cab31242ada6bce91

  • SSDEEP

    3072:engX9CnOMcKVtnEcoVzr4j0NnRT+JwMU3AWoeFE1YerPvbyg1ihk6kvtfGq0ev37:EZ7ZGVzr4jq5kJRwFE77arkR10efUKh

Score
10/10
pikabotbotnet

Malware Config

Signatures

  • PikaBot

    PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.

    botnetpikabot
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pikabot.exe
    "C:\Users\Admin\AppData\Local\Temp\pikabot.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Windows\SysWOW64\whoami.exe
      whoami.exe /all
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:5052
    • C:\Windows\SysWOW64\ipconfig.exe
      ipconfig.exe /all
      2⤵
      • Gathers network information
      PID:1280
    • C:\Windows\SysWOW64\netstat.exe
      netstat.exe -aon
      2⤵
      • Gathers network information
      • Suspicious use of AdjustPrivilegeToken
      PID:708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads