pikabot

General

Target

6c91b714aefef2438be04161d812403279c2da887902f9e979e83ace50dbb37a
Size

3.6MB
Sample

241010-szw5fsybjl
MD5

06bf67a1a4b9688d5ea65698b9f46db4
SHA1

42f0a6739acc2251a7c38239258fa9b7a2fc13f0
SHA256

6c91b714aefef2438be04161d812403279c2da887902f9e979e83ace50dbb37a
SHA512

8a7e9993ee7d142cb61d1c8fd5a8e62de2869548dd612d88c78818ec038d0c8fe5b7e9c2ba175b07c00136514f8e35829cf678d8f094abf742df71294f371338
SSDEEP

98304:xwrMZ1Fm2dvuvPSyzxUY9TdxbfPMHFLOAkGkzdnEVomFHKnPY:xDZz+dxbfPMHFLOyomFHKnPY

Score

10^/10

Malware Config

Extracted

Family

pikabot

C2

https://45.76.251.190:5567

https://131.153.231.178:2221

https://95.179.135.3:2225

https://155.138.147.62:2223

https://86.38.225.109:13724

https://172.232.189.219:2224

https://198.44.187.12:2224

https://104.156.233.235:2226

https://103.82.243.5:13721

https://86.38.225.106:2221

https://45.32.248.100:2226

https://23.226.138.161:5242

https://37.60.242.85:9785

https://104.129.55.105:2223

https://45.32.21.184:5242

https://178.18.246.136:2078

https://108.61.78.17:13719

https://86.38.225.105:13721

https://172.232.189.10:1194

https://172.232.162.97:13719

Targets

- Target
  
  6c91b714aefef2438be04161d812403279c2da887902f9e979e83ace50dbb37a
- Size
  
  3.6MB
- MD5
  
  06bf67a1a4b9688d5ea65698b9f46db4
- SHA1
  
  42f0a6739acc2251a7c38239258fa9b7a2fc13f0
- SHA256
  
  6c91b714aefef2438be04161d812403279c2da887902f9e979e83ace50dbb37a
- SHA512
  
  8a7e9993ee7d142cb61d1c8fd5a8e62de2869548dd612d88c78818ec038d0c8fe5b7e9c2ba175b07c00136514f8e35829cf678d8f094abf742df71294f371338
- SSDEEP
  
  98304:xwrMZ1Fm2dvuvPSyzxUY9TdxbfPMHFLOAkGkzdnEVomFHKnPY:xDZz+dxbfPMHFLOyomFHKnPY
Score

10^/10

discovery pikabot botnet
- PikaBot
  PikaBot is a botnet that is distributed similarly to Qakbot and written in c++.
  botnet pikabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2