pikabot

General

Target

filename.exe
Size

1.4MB
Sample

240814-nqqtvszdrc
MD5

1db34920c3ae3eb8560695f89e92d930
SHA1

531fea122037a7b503e0fcb42aa24382a9631ac8
SHA256

569cf3de44279490ab8fe47d78ace6d5cbd6e6413be9d14316d31338eef12bdd
SHA512

b311b876c06e8d056a06991a8ebbcfd56c47a0b5d72e5f6ac94a20546f5c7bb857b143d22a09649e630d2474dfe8b7c9115b102443fe12910969f55178a74336
SSDEEP

24576:y0/wpWGxRsnyM3LF+0mlBnjs60nEisX1N9rm1Jo/13JQyjLc22dEaY7Unbya87CJ://wn0x3LFfmHnIZE9rm1Ji3hLc22dEa3

Score

10^/10

Malware Config

Extracted

Family

pikabot

C2

https://23.226.138.161:5242

https://104.156.233.235:2226

https://108.61.78.17:13719

https://103.82.243.5:13721

https://37.60.242.85:9785

https://86.38.225.106:2221

https://154.201.81.8:2967

https://104.129.55.105:2223

https://43.229.78.74:2226

Targets

- Target
  
  filename.exe
- Size
  
  1.4MB
- MD5
  
  1db34920c3ae3eb8560695f89e92d930
- SHA1
  
  531fea122037a7b503e0fcb42aa24382a9631ac8
- SHA256
  
  569cf3de44279490ab8fe47d78ace6d5cbd6e6413be9d14316d31338eef12bdd
- SHA512
  
  b311b876c06e8d056a06991a8ebbcfd56c47a0b5d72e5f6ac94a20546f5c7bb857b143d22a09649e630d2474dfe8b7c9115b102443fe12910969f55178a74336
- SSDEEP
  
  24576:y0/wpWGxRsnyM3LF+0mlBnjs60nEisX1N9rm1Jo/13JQyjLc22dEaY7Unbya87CJ://wn0x3LFfmHnIZE9rm1Ji3hLc22dEa3
Score

10^/10

discovery pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2