pikabot

General

Target

2024-07-27_6a4b5a1fc48d7a85fe0a1ee8290e42b7_icedid
Size

1.3MB
Sample

240727-bjag3szdrg
MD5

6a4b5a1fc48d7a85fe0a1ee8290e42b7
SHA1

45faa50e3f66880615ddc8dba97e0cffea61a55e
SHA256

2a3b2ff71f16b23e21aa9855139553509476d9f80f99d509fe0ba2c66fb9acda
SHA512

e429100ccca6bd84685c6b4990c75f01f8bc1b37666706bc345c865ad66b03f01cfa0ce6c73d9262f955dc02a3230ac5b1ca6da27983cc7530fdafe4a0f6e39c
SSDEEP

12288:2jwHlbKaWY6oL1T0uwJ34dW/QtQF5KXGOTBwfRzPZ15HVCjkNMOuEFcd+wtZqA8s:2yHC/QtQF5kGXZPY+1BFc2AZoyLtkwx

Score

10^/10

Malware Config

Extracted

Family

pikabot

C2

https://158.220.95.214:5243

https://64.23.199.206:1194

https://172.232.208.90:2223

https://213.199.41.33:13721

https://194.233.91.144:5000

https://158.220.95.215:5242

https://84.247.157.112:13719

Targets

- Target
  
  2024-07-27_6a4b5a1fc48d7a85fe0a1ee8290e42b7_icedid
- Size
  
  1.3MB
- MD5
  
  6a4b5a1fc48d7a85fe0a1ee8290e42b7
- SHA1
  
  45faa50e3f66880615ddc8dba97e0cffea61a55e
- SHA256
  
  2a3b2ff71f16b23e21aa9855139553509476d9f80f99d509fe0ba2c66fb9acda
- SHA512
  
  e429100ccca6bd84685c6b4990c75f01f8bc1b37666706bc345c865ad66b03f01cfa0ce6c73d9262f955dc02a3230ac5b1ca6da27983cc7530fdafe4a0f6e39c
- SSDEEP
  
  12288:2jwHlbKaWY6oL1T0uwJ34dW/QtQF5KXGOTBwfRzPZ15HVCjkNMOuEFcd+wtZqA8s:2yHC/QtQF5kGXZPY+1BFc2AZoyLtkwx
Score

10^/10

discovery pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2